last executing test programs:
2.471231118s ago: executing program 0 (id=19598):
r0 = socket(0x11, 0x3, 0x6)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000280), r1)
sendmsg$auto_HWSIM_CMD_REGISTER(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)={0x14, r2, 0x1, 0x70bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x0)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a})
sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f00000003c0)='\a', 0x5ea}, 0x5, 0x0, 0x0, 0x1001}, 0x5}, 0x2, 0x100)
close_range$auto(0x2, 0x8, 0x0)
2.184381079s ago: executing program 0 (id=19601):
r0 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x400c890}, 0x800)
openat$auto_l2cap_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
bpf$auto(0xb0, &(0x7f00000001c0)=@task_fd_query={0x0, r0, 0x801, 0x10009, 0x8000004f0f, 0x1000049, 0xffffffffffffffff, 0x20000000000804, 0x7}, 0x6f3)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
1.949467396s ago: executing program 0 (id=19604):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x1e, 0x5, 0xfffffffe, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000)
clone$auto(0x7, 0x1, 0x0, 0x0, 0xe)
io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}})
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
1.567038151s ago: executing program 2 (id=19608):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x9, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x2, 0xc)
setsockopt$auto(0x5, 0x104000000000010e, 0x2, 0x0, 0x16)
1.538128221s ago: executing program 3 (id=19609):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0x10, 0x2, 0x0)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000040)={0x34, 0x0, 0x1, 0x70bd29, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x5}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x11}, 0x24000802)
sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf251c"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
1.470943758s ago: executing program 1 (id=19610):
mmap$auto(0x0, 0x2000009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(r0, 0x0, 0x5f)
r1 = pipe2$auto(0x0, 0x80)
ioctl$auto(r1, 0x5761, 0x4)
1.32428776s ago: executing program 2 (id=19611):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
socket(0xa, 0x2, 0x73)
r0 = io_uring_setup$auto(0x9, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0xf7}, 0x7)
close_range$auto(0x2, r0, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x742, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0xa61c2, 0x94)
1.229405104s ago: executing program 3 (id=19612):
mmap$auto(0x0, 0x7, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = memfd_create$auto(0x0, 0x4)
r1 = socket(0xa, 0x2, 0x3a)
statx$auto(r0, 0x0, 0x1000, 0xbdfc, 0x0)
setsockopt$auto(r1, 0x29, 0x14, 0x0, 0x56b)
fcntl$auto_F_GETOWNER_UIDS(r0, 0x11, 0x5)
setsockopt$auto(r1, 0x29, 0x14, 0x0, 0x10052b)
1.168742194s ago: executing program 1 (id=19613):
mmap$auto(0x0, 0x2020007, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x3000000, 0x0, 0x1, 0x0, 0x10000000000000, 0x2}, 0x895}, 0x3, 0x0)
r1 = getpid()
process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0x10ffffffff}, 0x6, 0x0)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0)
ioctl$auto(r2, 0x5393, r0)
1.097498554s ago: executing program 0 (id=19614):
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0x3)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x8f3b7a51b80ebd01, 0x0)
r0 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
r1 = getpid()
process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0x41}, 0x6, 0x0)
ioctl$auto(r0, 0x40246f4c, 0x38)
1.007407298s ago: executing program 3 (id=19615):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
bind$auto(0xffffffffffffffff, 0x0, 0x7f)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x82002, 0x0)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/reserved_size\x00', 0xa001, 0x0)
write$auto(0x3, 0x0, 0xfffffdef)
1.00475768s ago: executing program 2 (id=19616):
mmap$auto(0x0, 0x2000c, 0x4000000000df, 0xeb1, 0x401, 0x8000)
ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3)
r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000080), 0x1e1500, 0x0)
ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0)
shmctl$auto_IPC_INFO(0x7, 0x3, 0x0)
ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6)
ioctl$auto_IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, 0x0)
875.183819ms ago: executing program 1 (id=19617):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0)
sysfs$auto(0x2, 0x10000000000002d, 0x0)
ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0)
ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6)
ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, 0x0)
ioctl$auto_IOCTL_VMCI_CTX_REMOVE_NOTIFICATION(r0, 0x7b0, 0x0)
762.983901ms ago: executing program 3 (id=19618):
mmap$auto(0x0, 0x202000a, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
fstat$auto(0xffffffffffffffff, &(0x7f0000000300)={0xff, 0x7, 0x45, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x803, 0x4, 0x6, 0x0, 0x1000073, 0x1, 0x1, 0x8})
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kcore\x00', 0x101000, 0x0)
preadv$auto(r0, &(0x7f00000002c0)={0x0, 0xbe78}, 0x5, 0x800000fb, 0x8100000001)
syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000002740), 0xffffffffffffffff)
ioctl$auto_FS_IOC_ENABLE_VERITY3(0xffffffffffffffff, 0x40806685, &(0x7f0000000280)={0x1c0, 0x3, 0x9, 0x6, 0x1, 0xa, 0x0, 0x1})
ioctl$auto_SW_SYNC_IOC_INC(0xffffffffffffffff, 0x40045701, 0x0)
699.412085ms ago: executing program 2 (id=19619):
r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0)
mmap$auto(0x0, 0x202000c, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x1, 0x0)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace_pipe\x00', 0x40b00, 0x0)
r1 = epoll_create$auto(0x8800001)
epoll_ctl$auto(r1, 0x1, r0, 0x0)
608.70254ms ago: executing program 1 (id=19620):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
getrandom$auto(0x0, 0xa, 0x3)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
getrandom$auto(0x0, 0x5d, 0x7)
write$auto_console_fops_tty_io(r1, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef)
ioctl$auto(r0, 0x4b66, 0x1)
511.149888ms ago: executing program 0 (id=19621):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
capget$auto(0x0, 0xfffffffffffffffe)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x7, 0x8})
close_range$auto(0x2, 0x8, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sg0\x00', 0x20000, 0x0)
openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000740), 0x101001, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
466.941845ms ago: executing program 3 (id=19622):
close_range$auto(0x0, 0xffffffffffffffff, 0x2)
r0 = fanotify_init$auto(0x1f53, 0x2000000000002)
r1 = open(&(0x7f0000000000)='./file1\x00', 0x1652c2, 0xe1d2b27bdc14aa98)
fanotify_mark$auto(0x400000000000, 0x105, 0xf2b, r1, 0x0)
mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4)
unlink$auto(&(0x7f00000001c0)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2DW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xea\xa5\xff \xec\xe8\xca\xbf\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\v\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4N\xbb\xc2\xf8\x9c\xd0+t\x87r\x02\x05\xdb\xe4\xde\xed\x02\x00\x00\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00M\x83\xdb\xaf\xc4\xf23l\xae\xc5\x1d\xc4\xb0\x06\xd06\x1dX\x03\xe3\x9e\xd3\xd96\xcf\xd9\xa3\xcb\xd6B\xc3\x0f#\xd2\x1a\xf9L\xf5\x87My\xce\x19*\xde\x8d+#\x13\x15\xd3Y\x98\xe1\xc3@\x0e\x9c\xc2\xf8\b\xaf\x89\xe5\x00\x89-pWD\xb5&\xc9\x8e\x8d,\xb7}1\x84U\x18y\xa90\xf5\x80\x981U\x17\x14]\xc56j\xe7\x0e\xecBr\xa9]\"\xd36^m\x12\xb6\xbc\x80\xa4h{\xde\xcf\xf7d\x87rl\x11\xf7\x15\xcb~\xb9\x01\x0e\xd7O_\x91\xe1\xead\xee\xed]/p\xd6\xff\x17\xe4\aV\"I\xca\x90\xc7i\'\xa3R\x81\xf1}4\xbeU\x00\xa4\x1d\xea!Z\xd4|\xbe\x987\n!\x9b?\xb9l_\xd8$av\xfe%\xa2\xda\x82\x14\xc311;\xa4ob\x87\xdbY\xe2\x00')
read$auto_deferred_devs_fops_(r0, &(0x7f00000007c0)=""/154, 0x9a)
410.052632ms ago: executing program 2 (id=19623):
r0 = socket(0xa, 0x1, 0x84)
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
io_uring_setup$auto(0x6, 0x0)
setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8)
getsockopt$auto(r0, 0x84, 0x16, 0x0, 0x0)
r1 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0)
ioctl$auto_I2C_SMBUS(r1, 0x720, 0xfffffffffffffffe)
342.403769ms ago: executing program 1 (id=19624):
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
socket(0x2, 0x801, 0x106)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x6, 0x0)
timerfd_create$auto(0x0, 0x0)
ioctl$auto(0x3, 0x80000541b, 0x38)
206.583599ms ago: executing program 3 (id=19625):
r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8)
write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x84)
152.95901ms ago: executing program 2 (id=19626):
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
landlock_create_ruleset$auto(&(0x7f0000000000)={0xdaa0, 0x1, 0x8}, 0x9, 0x0)
landlock_restrict_self$auto(r0, 0x0)
r1 = socket(0x2, 0x1, 0x0)
bind$auto(r1, &(0x7f0000000040)=@nl=@unspec, 0x3)
76.399559ms ago: executing program 1 (id=19627):
sendmsg$auto_NFSD_CMD_LISTENER_SET(0xffffffffffffffff, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000180)={0x1c, 0x0, 0x1, 0x870bd2b, 0x25dfdbfc, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x8, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_ADDR={0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='U'], 0x1ac}}, 0x4004)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc6}, 0x1, 0x0, 0x2, 0xd}, 0xd69}, 0x3, 0x0)
0s ago: executing program 0 (id=19628):
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy1/net/wpan1/queues/tx-0/byte_queue_limits/stall_thrs\x00', 0x182b02, 0x0)
socket(0x11, 0x80003, 0x0)
mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000)
semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/nmi_watchdog\x00', 0x101202, 0x0)
r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0)
ioctl$auto(r0, 0x41045508, r0)
kernel console output (not intermixed with test programs):
50][T19318] ? prepare_alloc_pages+0x16d/0x5f0
[ 1436.824373][T19318] should_fail_alloc_page+0xeb/0x140
[ 1436.824394][T19318] prepare_alloc_pages+0x1f0/0x5f0
[ 1436.824419][T19318] __alloc_frozen_pages_noprof+0x19a/0x2ba0
[ 1436.824450][T19318] ? rcu_is_watching+0x12/0xc0
[ 1436.824478][T19318] ? trace_mm_page_alloc+0x17a/0x1d0
[ 1436.824499][T19318] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0
[ 1436.824530][T19318] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1436.824562][T19318] ? find_held_lock+0x2b/0x80
[ 1436.824578][T19318] ? is_bpf_text_address+0x8a/0x1a0
[ 1436.824605][T19318] ? is_bpf_text_address+0x8a/0x1a0
[ 1436.824635][T19318] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1436.824655][T19318] ? is_bpf_text_address+0x94/0x1a0
[ 1436.824682][T19318] ? kernel_text_address+0x8d/0x100
[ 1436.824709][T19318] ? __kernel_text_address+0xd/0x30
[ 1436.824736][T19318] ? unwind_get_return_address+0x59/0xa0
[ 1436.824761][T19318] alloc_pages_bulk_noprof+0x782/0x1490
[ 1436.824797][T19318] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[ 1436.824827][T19318] ? kasan_save_stack+0x30/0x50
[ 1436.824860][T19318] ? alloc_pages_noprof+0x233/0x390
[ 1436.824881][T19318] __kasan_populate_vmalloc+0xf0/0x210
[ 1436.824914][T19318] alloc_vmap_area+0x95d/0x2bd0
[ 1436.824942][T19318] ? __pfx_alloc_vmap_area+0x10/0x10
[ 1436.824966][T19318] __get_vm_area_node+0x1ca/0x330
[ 1436.824991][T19318] __vmalloc_node_range_noprof+0x213/0x1530
[ 1436.825014][T19318] ? kernel_clone+0xfc/0x9a0
[ 1436.825040][T19318] ? kernel_clone+0xfc/0x9a0
[ 1436.825074][T19318] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1436.825103][T19318] ? rcu_is_watching+0x12/0xc0
[ 1436.825130][T19318] ? trace_kmem_cache_alloc+0xf3/0x120
[ 1436.825151][T19318] ? kernel_clone+0xfc/0x9a0
[ 1436.825170][T19318] __vmalloc_node_noprof+0xad/0xf0
[ 1436.825193][T19318] ? kernel_clone+0xfc/0x9a0
[ 1436.825215][T19318] copy_process+0x5ec/0x7a40
[ 1436.825238][T19318] ? __pfx___futex_wait+0x10/0x10
[ 1436.825275][T19318] ? __pfx_copy_process+0x10/0x10
[ 1436.825306][T19318] kernel_clone+0xfc/0x9a0
[ 1436.825327][T19318] ? __pfx_futex_wait+0x10/0x10
[ 1436.825355][T19318] ? __pfx_kernel_clone+0x10/0x10
[ 1436.825388][T19318] __do_sys_clone+0xd9/0x120
[ 1436.825409][T19318] ? __pfx___do_sys_clone+0x10/0x10
[ 1436.825448][T19318] do_syscall_64+0x106/0xf80
[ 1436.825473][T19318] ? clear_bhb_loop+0x40/0x90
[ 1436.825495][T19318] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1436.825515][T19318] RIP: 0033:0x7f3a40b9c799
[ 1436.825531][T19318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1436.825549][T19318] RSP: 002b:00007f3a41a0b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1436.825568][T19318] RAX: ffffffffffffffda RBX: 00007f3a40e15fa0 RCX: 00007f3a40b9c799
[ 1436.825580][T19318] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000008
[ 1436.825591][T19318] RBP: 00007f3a40c32c99 R08: 0000000000000002 R09: 0000000000000000
[ 1436.825602][T19318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1436.825613][T19318] R13: 00007f3a40e16038 R14: 00007f3a40e15fa0 R15: 00007ffdaf7dd168
[ 1436.825636][T19318]
[ 1436.825714][T19318] syz.0.18091: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1438.793554][T19318] CPU: 0 UID: 0 PID: 19318 Comm: syz.0.18091 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1438.793597][T19318] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1438.793609][T19318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1438.793619][T19318] Call Trace:
[ 1438.793626][T19318]
[ 1438.793633][T19318] dump_stack_lvl+0x100/0x190
[ 1438.793664][T19318] warn_alloc.cold+0x95/0x1c1
[ 1438.793694][T19318] ? __pfx_warn_alloc+0x10/0x10
[ 1438.793720][T19318] ? lockdep_hardirqs_on+0x78/0x100
[ 1438.793747][T19318] ? __get_vm_area_node+0x2c5/0x330
[ 1438.793772][T19318] ? __get_vm_area_node+0x208/0x330
[ 1438.793797][T19318] __vmalloc_node_range_noprof+0xbf4/0x1530
[ 1438.793825][T19318] ? kernel_clone+0xfc/0x9a0
[ 1438.793852][T19318] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1438.793880][T19318] ? rcu_is_watching+0x12/0xc0
[ 1438.793907][T19318] ? trace_kmem_cache_alloc+0xf3/0x120
[ 1438.793928][T19318] ? kernel_clone+0xfc/0x9a0
[ 1438.793947][T19318] __vmalloc_node_noprof+0xad/0xf0
[ 1438.793970][T19318] ? kernel_clone+0xfc/0x9a0
[ 1438.794004][T19318] copy_process+0x5ec/0x7a40
[ 1438.794027][T19318] ? __pfx___futex_wait+0x10/0x10
[ 1438.794061][T19318] ? __pfx_copy_process+0x10/0x10
[ 1438.794092][T19318] kernel_clone+0xfc/0x9a0
[ 1438.794111][T19318] ? __pfx_futex_wait+0x10/0x10
[ 1438.794139][T19318] ? __pfx_kernel_clone+0x10/0x10
[ 1438.794171][T19318] __do_sys_clone+0xd9/0x120
[ 1438.794192][T19318] ? __pfx___do_sys_clone+0x10/0x10
[ 1438.794230][T19318] do_syscall_64+0x106/0xf80
[ 1438.794255][T19318] ? clear_bhb_loop+0x40/0x90
[ 1438.794277][T19318] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1438.794295][T19318] RIP: 0033:0x7f3a40b9c799
[ 1438.794320][T19318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1438.794340][T19318] RSP: 002b:00007f3a41a0b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1438.794358][T19318] RAX: ffffffffffffffda RBX: 00007f3a40e15fa0 RCX: 00007f3a40b9c799
[ 1438.794370][T19318] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000008
[ 1438.794380][T19318] RBP: 00007f3a40c32c99 R08: 0000000000000002 R09: 0000000000000000
[ 1438.794391][T19318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1438.794402][T19318] R13: 00007f3a40e16038 R14: 00007f3a40e15fa0 R15: 00007ffdaf7dd168
[ 1438.794424][T19318]
[ 1438.794431][T19318] Mem-Info:
[ 1440.128421][T19318] active_anon:40458 inactive_anon:40 isolated_anon:0
[ 1440.128421][T19318] active_file:6886 inactive_file:52005 isolated_file:0
[ 1440.128421][T19318] unevictable:768 dirty:4 writeback:0
[ 1440.128421][T19318] slab_reclaimable:15474 slab_unreclaimable:96593
[ 1440.128421][T19318] mapped:32253 shmem:25068 pagetables:1369
[ 1440.128421][T19318] sec_pagetables:0 bounce:0
[ 1440.128421][T19318] kernel_misc_reclaimable:0
[ 1440.128421][T19318] free:1277196 free_pcp:14792 free_cma:0
[ 1440.386998][T19318] Node 0 active_anon:164596kB inactive_anon:160kB active_file:27544kB inactive_file:207868kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:130584kB dirty:16kB writeback:0kB shmem:101552kB shmem_thp:2048kB shmem_pmdmapped:0kB anon_thp:45056kB kernel_stack:11328kB pagetables:5392kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1440.585540][T19318] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:152kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1440.764904][T19318] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1440.953044][T19318] lowmem_reserve[]: 0 2477 2478 2478 2478
[ 1441.001726][T19318] Node 0 DMA32 free:1158996kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB free_highatomic:0KB active_anon:169464kB inactive_anon:192kB active_file:27544kB inactive_file:207876kB unevictable:1536kB writepending:12kB zspages:0kB present:3129332kB managed:2537384kB mlocked:0kB bounce:0kB free_pcp:41872kB local_pcp:41872kB free_cma:0kB
[ 1441.205768][T19318] lowmem_reserve[]: 0 0 1 1 1
[ 1441.239819][T19318] Node 0 Normal free:4kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1060kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB
[ 1441.394390][T19318] lowmem_reserve[]: 0 0 0 0 0
[ 1441.420635][T19318] Node 1 Normal free:3926676kB boost:0kB min:55580kB low:69472kB high:83364kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:152kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:16464kB local_pcp:16464kB free_cma:0kB
[ 1441.589438][T19318] lowmem_reserve[]: 0 0 0 0 0
[ 1441.604038][T19318] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1441.665835][T19318] Node 0 DMA32: 5170*4kB (UME) 3538*8kB (UME) 2418*16kB (UME) 519*32kB (UME) 762*64kB (UME) 779*128kB (UME) 555*256kB (UME) 372*512kB (UM) 223*1024kB (UM) 13*2048kB (U) 77*4096kB (M) = 1155672kB
[ 1441.759406][T19318] Node 0 Normal: 1*4kB (U) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB
[ 1441.811428][T19318] Node 1 Normal: 5*4kB (UM) 14*8kB (UM) 13*16kB (UM) 10*32kB (UM) 8*64kB (UM) 6*128kB (UM) 7*256kB (UM) 4*512kB (UM) 3*1024kB (M) 3*2048kB (UM) 955*4096kB (UM) = 3926676kB
[ 1441.889775][T19318] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1441.940232][T19318] Node 0 hugepages_total=7 hugepages_free=7 hugepages_surp=0 hugepages_size=2048kB
[ 1441.985929][T19318] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1442.023004][T19318] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1442.067878][T19318] 87812 total pagecache pages
[ 1442.097828][T19318] 53 pages in swap cache
[ 1442.134054][T19318] Free swap = 124528kB
[ 1442.188306][T19318] Total swap = 124996kB
[ 1442.214749][T19318] 2097051 pages RAM
[ 1442.221590][T19318] 0 pages HighMem/MovableOnly
[ 1442.248124][T19318] 430825 pages reserved
[ 1442.286918][T19318] 0 pages cma reserved
[ 1444.114276][T19441] kvm: kvm [19433]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x11e) = 0x1
[ 1445.737447][T19496] netlink: 330 bytes leftover after parsing attributes in process `syz.1.18124'.
[ 1446.648762][T19522] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18133'.
[ 1446.954123][T19538] netlink: 'syz.0.18136': attribute type 4 has an invalid length.
[ 1447.024172][T19538] netlink: 314 bytes leftover after parsing attributes in process `syz.0.18136'.
[ 1448.604689][T19614] sctp: [Deprecated]: syz.3.18145 (pid 19614) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1448.604689][T19614] Use struct sctp_sack_info instead
[ 1449.060615][T19632] netlink: 342 bytes leftover after parsing attributes in process `syz.2.18151'.
[ 1449.567827][T19641] netlink: 342 bytes leftover after parsing attributes in process `syz.3.18153'.
[ 1450.900627][T19670] tc_dump_action: action bad kind
[ 1451.532171][T19684] netlink: 342 bytes leftover after parsing attributes in process `syz.1.18169'.
[ 1452.642502][T19726] netlink: 146 bytes leftover after parsing attributes in process `syz.2.18177'.
[ 1452.878748][T19731] netlink: 'syz.0.18178': attribute type 33 has an invalid length.
[ 1452.960180][T19731] netlink: 322 bytes leftover after parsing attributes in process `syz.0.18178'.
[ 1453.018839][T19731] netlink: 'syz.0.18178': attribute type 33 has an invalid length.
[ 1453.088526][T19731] netlink: 322 bytes leftover after parsing attributes in process `syz.0.18178'.
[ 1453.607786][T19740] netlink: 4 bytes leftover after parsing attributes in process `syz.0.18190'.
[ 1453.676565][T19740] netlink: 25 bytes leftover after parsing attributes in process `syz.0.18190'.
[ 1454.235101][T19749] netlink: 334 bytes leftover after parsing attributes in process `syz.2.18185'.
[ 1457.478419][T19778] netlink: 'syz.1.18192': attribute type 27 has an invalid length.
[ 1457.540065][T19778] netlink: 334 bytes leftover after parsing attributes in process `syz.1.18192'.
[ 1458.656365][T19801] netlink: 334 bytes leftover after parsing attributes in process `syz.1.18202'.
[ 1458.672365][T19802] netlink: 'syz.0.18203': attribute type 27 has an invalid length.
[ 1458.730735][T19802] netlink: 334 bytes leftover after parsing attributes in process `syz.0.18203'.
[ 1460.315565][ T4992] Bluetooth: hci0: Malformed LE Event: 0x0b
[ 1460.557258][ T4992] Bluetooth: hci3: SCO packet for unknown connection handle 0
[ 1464.357690][T19957] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[ 1465.172729][T19981] FAULT_INJECTION: forcing a failure.
[ 1465.172729][T19981] name failslab, interval 1, probability 0, space 0, times 0
[ 1465.269368][T19981] CPU: 0 UID: 0 PID: 19981 Comm: syz.0.18261 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1465.269412][T19981] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1465.269425][T19981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1465.269436][T19981] Call Trace:
[ 1465.269443][T19981]
[ 1465.269451][T19981] dump_stack_lvl+0x100/0x190
[ 1465.269482][T19981] should_fail_ex.cold+0x5/0xa
[ 1465.269503][T19981] ? lsm_blob_alloc+0x68/0x90
[ 1465.269528][T19981] should_failslab+0xc2/0x120
[ 1465.269548][T19981] __kmalloc_noprof+0xe0/0x850
[ 1465.269575][T19981] ? down_write_nested+0x14f/0x200
[ 1465.269606][T19981] lsm_blob_alloc+0x68/0x90
[ 1465.269632][T19981] security_sb_alloc+0x25/0x240
[ 1465.269661][T19981] alloc_super+0x24c/0xd20
[ 1465.269692][T19981] ? __pfx_mqueue_fill_super+0x10/0x10
[ 1465.269719][T19981] sget_fc+0x117/0xc70
[ 1465.269746][T19981] ? __pfx_set_anon_super_fc+0x10/0x10
[ 1465.269773][T19981] ? __pfx_mqueue_fill_super+0x10/0x10
[ 1465.269800][T19981] get_tree_nodev+0x28/0x190
[ 1465.269830][T19981] mqueue_get_tree+0xf1/0x130
[ 1465.269857][T19981] vfs_get_tree+0x92/0x320
[ 1465.269883][T19981] fc_mount_longterm+0x1a/0x270
[ 1465.269911][T19981] mq_init_ns+0x482/0x820
[ 1465.269939][T19981] copy_ipcs+0x3dd/0x7e0
[ 1465.269960][T19981] create_new_namespaces+0x20a/0xac0
[ 1465.269980][T19981] ? security_capable+0x80/0x260
[ 1465.270011][T19981] unshare_nsproxy_namespaces+0xc3/0x1f0
[ 1465.270035][T19981] ksys_unshare+0x473/0xad0
[ 1465.270060][T19981] ? __pfx_ksys_unshare+0x10/0x10
[ 1465.270092][T19981] __x64_sys_unshare+0x31/0x40
[ 1465.270116][T19981] do_syscall_64+0x106/0xf80
[ 1465.270142][T19981] ? clear_bhb_loop+0x40/0x90
[ 1465.270164][T19981] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1465.270183][T19981] RIP: 0033:0x7f3a40b9c799
[ 1465.270199][T19981] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1465.270217][T19981] RSP: 002b:00007f3a41a0b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 1465.270236][T19981] RAX: ffffffffffffffda RBX: 00007f3a40e15fa0 RCX: 00007f3a40b9c799
[ 1465.270248][T19981] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000
[ 1465.270259][T19981] RBP: 00007f3a40c32c99 R08: 0000000000000000 R09: 0000000000000000
[ 1465.270270][T19981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1465.270281][T19981] R13: 00007f3a40e16038 R14: 00007f3a40e15fa0 R15: 00007ffdaf7dd168
[ 1465.270303][T19981]
[ 1465.555302][T19985] netlink: 'syz.2.18262': attribute type 4 has an invalid length.
[ 1465.872317][T19996] netlink: 'syz.0.18264': attribute type 4 has an invalid length.
[ 1467.834876][T20049] netlink: 4 bytes leftover after parsing attributes in process `syz.0.18282'.
[ 1470.126392][T20099] netlink: 334 bytes leftover after parsing attributes in process `syz.3.18294'.
[ 1470.610150][T20108] ptrace attach of "./syz-executor exec"[6102] was attempted by ""[20108]
[ 1471.922582][T20131] netlink: 334 bytes leftover after parsing attributes in process `syz.2.18304'.
[ 1474.174572][T20203] netlink: 326 bytes leftover after parsing attributes in process `syz.1.18316'.
[ 1474.506964][T20208] FAULT_INJECTION: forcing a failure.
[ 1474.506964][T20208] name failslab, interval 1, probability 0, space 0, times 0
[ 1474.641455][T20208] CPU: 0 UID: 0 PID: 20208 Comm: syz.0.18317 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1474.641499][T20208] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1474.641512][T20208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1474.641523][T20208] Call Trace:
[ 1474.641530][T20208]
[ 1474.641538][T20208] dump_stack_lvl+0x100/0x190
[ 1474.641570][T20208] should_fail_ex.cold+0x5/0xa
[ 1474.641592][T20208] should_failslab+0xc2/0x120
[ 1474.641613][T20208] __kvmalloc_node_noprof+0xfa/0xa00
[ 1474.641642][T20208] ? v4l2_ctrl_new+0x4a6/0x23a0
[ 1474.641677][T20208] v4l2_ctrl_new+0x4a6/0x23a0
[ 1474.641713][T20208] ? __pfx_v4l2_ctrl_new+0x10/0x10
[ 1474.641741][T20208] ? __pfx_v4l2_ctrl_new+0x10/0x10
[ 1474.641779][T20208] v4l2_ctrl_new_std+0x1bb/0x290
[ 1474.641822][T20208] ? __pfx_v4l2_ctrl_new_std+0x10/0x10
[ 1474.641851][T20208] ? __pfx_v4l2_ctrl_new_std+0x10/0x10
[ 1474.641882][T20208] ? trace_kmalloc+0x101/0x130
[ 1474.641902][T20208] ? v4l2_ctrl_handler_init_class+0x201/0x350
[ 1474.641932][T20208] ? lockdep_init_map_type+0x30/0x250
[ 1474.641958][T20208] ? media_request_object_init+0x105/0x180
[ 1474.641988][T20208] vim2m_open+0x164/0x830
[ 1474.642016][T20208] v4l2_open+0x1d2/0x490
[ 1474.642045][T20208] ? __pfx_v4l2_open+0x10/0x10
[ 1474.642072][T20208] chrdev_open+0x234/0x6a0
[ 1474.642090][T20208] ? __pfx_apparmor_file_open+0x10/0x10
[ 1474.642121][T20208] ? __pfx_chrdev_open+0x10/0x10
[ 1474.642141][T20208] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[ 1474.642166][T20208] do_dentry_open+0x6d8/0x1660
[ 1474.642184][T20208] ? __pfx_chrdev_open+0x10/0x10
[ 1474.642208][T20208] vfs_open+0x82/0x3f0
[ 1474.642234][T20208] path_openat+0x208c/0x31a0
[ 1474.642260][T20208] ? __pfx_path_openat+0x10/0x10
[ 1474.642287][T20208] do_file_open+0x20e/0x430
[ 1474.642308][T20208] ? __pfx_do_file_open+0x10/0x10
[ 1474.642343][T20208] ? alloc_fd+0x476/0x790
[ 1474.642363][T20208] ? do_getname+0x191/0x390
[ 1474.642388][T20208] do_sys_openat2+0x10d/0x1e0
[ 1474.642412][T20208] ? __pfx_do_sys_openat2+0x10/0x10
[ 1474.642438][T20208] ? __fget_files+0x21f/0x3d0
[ 1474.642459][T20208] __x64_sys_openat+0x12d/0x210
[ 1474.642484][T20208] ? __pfx___x64_sys_openat+0x10/0x10
[ 1474.642517][T20208] do_syscall_64+0x106/0xf80
[ 1474.642542][T20208] ? clear_bhb_loop+0x40/0x90
[ 1474.642565][T20208] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1474.642584][T20208] RIP: 0033:0x7f3a40b9c799
[ 1474.642600][T20208] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1474.642617][T20208] RSP: 002b:00007f3a41a0b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1474.642636][T20208] RAX: ffffffffffffffda RBX: 00007f3a40e15fa0 RCX: 00007f3a40b9c799
[ 1474.642649][T20208] RDX: 000000000002aa01 RSI: 0000200000000180 RDI: ffffffffffffff9c
[ 1474.642660][T20208] RBP: 00007f3a40c32c99 R08: 0000000000000000 R09: 0000000000000000
[ 1474.642671][T20208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1474.642682][T20208] R13: 00007f3a40e16038 R14: 00007f3a40e15fa0 R15: 00007ffdaf7dd168
[ 1474.642705][T20208]
[ 1475.953227][T20235] netlink: 334 bytes leftover after parsing attributes in process `syz.1.18327'.
[ 1477.392202][T20255] FAULT_INJECTION: forcing a failure.
[ 1477.392202][T20255] name failslab, interval 1, probability 0, space 0, times 0
[ 1477.497019][T20255] CPU: 0 UID: 0 PID: 20255 Comm: syz.2.18333 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1477.497063][T20255] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1477.497075][T20255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1477.497087][T20255] Call Trace:
[ 1477.497094][T20255]
[ 1477.497102][T20255] dump_stack_lvl+0x100/0x190
[ 1477.497135][T20255] should_fail_ex.cold+0x5/0xa
[ 1477.497157][T20255] should_failslab+0xc2/0x120
[ 1477.497178][T20255] __kmalloc_cache_noprof+0x7a/0x6f0
[ 1477.497202][T20255] ? snd_virmidi_output_open+0xc4/0x670
[ 1477.497228][T20255] snd_virmidi_output_open+0xc4/0x670
[ 1477.497250][T20255] open_substream+0x480/0x9e0
[ 1477.497274][T20255] rawmidi_open_priv+0x595/0x6f0
[ 1477.497302][T20255] snd_rawmidi_open+0x4c9/0xba0
[ 1477.497330][T20255] ? __pfx_snd_rawmidi_open+0x10/0x10
[ 1477.497356][T20255] ? __pfx_default_wake_function+0x10/0x10
[ 1477.497377][T20255] ? soundcore_open+0x231/0x5a0
[ 1477.497394][T20255] ? soundcore_open+0x231/0x5a0
[ 1477.497414][T20255] ? __pfx_snd_rawmidi_open+0x10/0x10
[ 1477.497440][T20255] soundcore_open+0x2e3/0x5a0
[ 1477.497460][T20255] ? __pfx_soundcore_open+0x10/0x10
[ 1477.497478][T20255] chrdev_open+0x234/0x6a0
[ 1477.497496][T20255] ? __pfx_apparmor_file_open+0x10/0x10
[ 1477.497526][T20255] ? __pfx_chrdev_open+0x10/0x10
[ 1477.497546][T20255] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[ 1477.497571][T20255] do_dentry_open+0x6d8/0x1660
[ 1477.497589][T20255] ? __pfx_chrdev_open+0x10/0x10
[ 1477.497612][T20255] vfs_open+0x82/0x3f0
[ 1477.497639][T20255] path_openat+0x208c/0x31a0
[ 1477.497665][T20255] ? __pfx_path_openat+0x10/0x10
[ 1477.497692][T20255] do_file_open+0x20e/0x430
[ 1477.497712][T20255] ? __pfx_do_file_open+0x10/0x10
[ 1477.497754][T20255] ? alloc_fd+0x476/0x790
[ 1477.497775][T20255] ? do_getname+0x191/0x390
[ 1477.497799][T20255] do_sys_openat2+0x10d/0x1e0
[ 1477.497823][T20255] ? __pfx_do_sys_openat2+0x10/0x10
[ 1477.497850][T20255] ? __fget_files+0x21f/0x3d0
[ 1477.497871][T20255] __x64_sys_openat+0x12d/0x210
[ 1477.497896][T20255] ? __pfx___x64_sys_openat+0x10/0x10
[ 1477.497930][T20255] do_syscall_64+0x106/0xf80
[ 1477.497955][T20255] ? clear_bhb_loop+0x40/0x90
[ 1477.497978][T20255] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1477.497997][T20255] RIP: 0033:0x7f183a19c799
[ 1477.498014][T20255] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1477.498032][T20255] RSP: 002b:00007f183afc0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1477.498051][T20255] RAX: ffffffffffffffda RBX: 00007f183a415fa0 RCX: 00007f183a19c799
[ 1477.498063][T20255] RDX: 0000000000060c01 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1477.498074][T20255] RBP: 00007f183a232c99 R08: 0000000000000000 R09: 0000000000000000
[ 1477.498085][T20255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1477.498096][T20255] R13: 00007f183a416038 R14: 00007f183a415fa0 R15: 00007ffed2142308
[ 1477.498120][T20255]
[ 1477.969664][T20262] netlink: 25 bytes leftover after parsing attributes in process `syz.1.18336'.
[ 1478.106552][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 1478.114674][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[ 1480.364054][T20313] netlink: 334 bytes leftover after parsing attributes in process `syz.3.18348'.
[ 1480.427377][T20313] netlink: 334 bytes leftover after parsing attributes in process `syz.3.18348'.
[ 1481.539571][T20316] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1481.587097][T20316] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1481.626557][T20316] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1481.659093][T20316] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1481.691850][T20316] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1481.816221][T20316] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1482.268543][T20341] netlink: 146 bytes leftover after parsing attributes in process `syz.2.18358'.
[ 1482.599878][T20351] netlink: 330 bytes leftover after parsing attributes in process `syz.1.18362'.
[ 1482.972834][ T4992] Bluetooth: hci0: command 0x0406 tx timeout
[ 1483.609510][ T4992] Bluetooth: hci1: command 0x0406 tx timeout
[ 1483.689712][ T4992] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1483.695780][ T4992] Bluetooth: hci2: command 0x2016 tx timeout
[ 1484.130540][T20400] FAULT_INJECTION: forcing a failure.
[ 1484.130540][T20400] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1484.219108][T20400] CPU: 0 UID: 0 PID: 20400 Comm: syz.0.18378 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1484.219153][T20400] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1484.219165][T20400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1484.219176][T20400] Call Trace:
[ 1484.219183][T20400]
[ 1484.219191][T20400] dump_stack_lvl+0x100/0x190
[ 1484.219224][T20400] should_fail_ex.cold+0x5/0xa
[ 1484.219242][T20400] ? prepare_alloc_pages+0x16d/0x5f0
[ 1484.219266][T20400] should_fail_alloc_page+0xeb/0x140
[ 1484.219287][T20400] prepare_alloc_pages+0x1f0/0x5f0
[ 1484.219313][T20400] __alloc_frozen_pages_noprof+0x19a/0x2ba0
[ 1484.219346][T20400] ? __lock_acquire+0x4a5/0x2630
[ 1484.219376][T20400] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1484.219407][T20400] ? do_raw_spin_lock+0x128/0x260
[ 1484.219434][T20400] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1484.219461][T20400] ? find_held_lock+0x2b/0x80
[ 1484.219491][T20400] ? __lock_acquire+0x4a5/0x2630
[ 1484.219515][T20400] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1484.219547][T20400] ? policy_nodemask+0xed/0x4f0
[ 1484.219568][T20400] alloc_pages_mpol+0x1fb/0x550
[ 1484.219588][T20400] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1484.219608][T20400] ? __folio_batch_add_and_move+0x5e5/0xc60
[ 1484.219638][T20400] ? __folio_batch_add_and_move+0x5e5/0xc60
[ 1484.219671][T20400] folio_alloc_mpol_noprof+0x36/0x340
[ 1484.219697][T20400] shmem_alloc_folio+0x135/0x160
[ 1484.219722][T20400] shmem_alloc_and_add_folio+0x371/0xd40
[ 1484.219755][T20400] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[ 1484.219785][T20400] ? shmem_allowable_huge_orders+0x2bd/0x400
[ 1484.219813][T20400] ? __lock_acquire+0x400/0x2630
[ 1484.219840][T20400] shmem_get_folio_gfp+0x6ab/0x1900
[ 1484.219873][T20400] ? __pfx_shmem_get_folio_gfp+0x10/0x10
[ 1484.219902][T20400] ? __pfx___might_resched+0x10/0x10
[ 1484.219929][T20400] ? noop_dirty_folio+0xfd/0x160
[ 1484.219950][T20400] shmem_fallocate+0x6d7/0x1060
[ 1484.219988][T20400] ? __pfx_shmem_fallocate+0x10/0x10
[ 1484.220015][T20400] ? aa_file_perm+0x7f3/0x14d0
[ 1484.220051][T20400] ? __lock_acquire+0x4a5/0x2630
[ 1484.220091][T20400] ? __pfx_shmem_fallocate+0x10/0x10
[ 1484.220120][T20400] vfs_fallocate+0x576/0x10d0
[ 1484.220141][T20400] ? __pfx_vfs_fallocate+0x10/0x10
[ 1484.220166][T20400] __x64_sys_fallocate+0xd5/0x140
[ 1484.220189][T20400] do_syscall_64+0x106/0xf80
[ 1484.220214][T20400] ? clear_bhb_loop+0x40/0x90
[ 1484.220237][T20400] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1484.220256][T20400] RIP: 0033:0x7f3a40b9c799
[ 1484.220272][T20400] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1484.220290][T20400] RSP: 002b:00007f3a41a0b028 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 1484.220308][T20400] RAX: ffffffffffffffda RBX: 00007f3a40e15fa0 RCX: 00007f3a40b9c799
[ 1484.220320][T20400] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000005
[ 1484.220330][T20400] RBP: 00007f3a40c32c99 R08: 0000000000000000 R09: 0000000000000000
[ 1484.220341][T20400] R10: 00000000004cbd5d R11: 0000000000000246 R12: 0000000000000000
[ 1484.220352][T20400] R13: 00007f3a40e16038 R14: 00007f3a40e15fa0 R15: 00007ffdaf7dd168
[ 1484.220375][T20400]
[ 1485.735732][T20412] FAULT_INJECTION: forcing a failure.
[ 1485.735732][T20412] name failslab, interval 1, probability 0, space 0, times 0
[ 1485.841191][T20412] CPU: 0 UID: 0 PID: 20412 Comm: syz.3.18382 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1485.841236][T20412] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1485.841248][T20412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1485.841259][T20412] Call Trace:
[ 1485.841267][T20412]
[ 1485.841275][T20412] dump_stack_lvl+0x100/0x190
[ 1485.841307][T20412] should_fail_ex.cold+0x5/0xa
[ 1485.841330][T20412] should_failslab+0xc2/0x120
[ 1485.841351][T20412] __kmalloc_cache_noprof+0x7a/0x6f0
[ 1485.841376][T20412] ? snd_virmidi_output_open+0xc4/0x670
[ 1485.841401][T20412] snd_virmidi_output_open+0xc4/0x670
[ 1485.841433][T20412] open_substream+0x480/0x9e0
[ 1485.841459][T20412] rawmidi_open_priv+0x595/0x6f0
[ 1485.841492][T20412] snd_rawmidi_open+0x4c9/0xba0
[ 1485.841522][T20412] ? __pfx_snd_rawmidi_open+0x10/0x10
[ 1485.841550][T20412] ? __pfx_default_wake_function+0x10/0x10
[ 1485.841571][T20412] ? soundcore_open+0x231/0x5a0
[ 1485.841588][T20412] ? soundcore_open+0x231/0x5a0
[ 1485.841607][T20412] ? __pfx_snd_rawmidi_open+0x10/0x10
[ 1485.841633][T20412] soundcore_open+0x2e3/0x5a0
[ 1485.841653][T20412] ? __pfx_soundcore_open+0x10/0x10
[ 1485.841671][T20412] chrdev_open+0x234/0x6a0
[ 1485.841689][T20412] ? __pfx_apparmor_file_open+0x10/0x10
[ 1485.841718][T20412] ? __pfx_chrdev_open+0x10/0x10
[ 1485.841738][T20412] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[ 1485.841763][T20412] do_dentry_open+0x6d8/0x1660
[ 1485.841781][T20412] ? __pfx_chrdev_open+0x10/0x10
[ 1485.841805][T20412] vfs_open+0x82/0x3f0
[ 1485.841831][T20412] path_openat+0x208c/0x31a0
[ 1485.841858][T20412] ? __pfx_path_openat+0x10/0x10
[ 1485.841886][T20412] do_file_open+0x20e/0x430
[ 1485.841907][T20412] ? __pfx_do_file_open+0x10/0x10
[ 1485.841944][T20412] ? alloc_fd+0x476/0x790
[ 1485.841964][T20412] ? do_getname+0x191/0x390
[ 1485.841989][T20412] do_sys_openat2+0x10d/0x1e0
[ 1485.842014][T20412] ? __pfx_do_sys_openat2+0x10/0x10
[ 1485.842039][T20412] ? __fget_files+0x21f/0x3d0
[ 1485.842061][T20412] __x64_sys_openat+0x12d/0x210
[ 1485.842086][T20412] ? __pfx___x64_sys_openat+0x10/0x10
[ 1485.842120][T20412] do_syscall_64+0x106/0xf80
[ 1485.842145][T20412] ? clear_bhb_loop+0x40/0x90
[ 1485.842168][T20412] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1485.842187][T20412] RIP: 0033:0x7fe5cf19c799
[ 1485.842202][T20412] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1485.842221][T20412] RSP: 002b:00007fe5d0051028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1485.842240][T20412] RAX: ffffffffffffffda RBX: 00007fe5cf415fa0 RCX: 00007fe5cf19c799
[ 1485.842252][T20412] RDX: 0000000000060c01 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1485.842263][T20412] RBP: 00007fe5cf232c99 R08: 0000000000000000 R09: 0000000000000000
[ 1485.842274][T20412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1485.842286][T20412] R13: 00007fe5cf416038 R14: 00007fe5cf415fa0 R15: 00007ffefc437498
[ 1485.842309][T20412]
[ 1486.437702][ T4992] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1488.465332][T15724] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1488.722510][T20484] netlink: 342 bytes leftover after parsing attributes in process `syz.3.18393'.
[ 1491.442763][T20562] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000
[ 1491.510589][T20562] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1491.579010][T20562] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1491.609931][T20562] page_type: f5(slab)
[ 1491.657619][T20562] raw: 00fff00000000040 ffff88813fe3d140 dead000000000100 dead000000000122
[ 1491.698735][T20562] raw: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000
[ 1491.767083][T20562] head: 00fff00000000040 ffff88813fe3d140 dead000000000100 dead000000000122
[ 1491.822096][T20562] head: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000
[ 1491.889510][T20562] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff
[ 1491.957176][T20562] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1492.018411][T20562] page dumped because: unmovable page
[ 1492.090448][T20562] page_owner tracks the page as allocated
[ 1492.138177][T20562] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5210, tgid 5210 (udevd), ts 35351639686, free_ts 27436120393
[ 1492.254611][T20562] post_alloc_hook+0x153/0x170
[ 1492.283338][T20562] get_page_from_freelist+0x111d/0x3140
[ 1492.315275][T20562] __alloc_frozen_pages_noprof+0x27c/0x2ba0
[ 1492.349696][T20562] new_slab+0xa6/0x6b0
[ 1492.374468][T20562] refill_objects+0x26b/0x400
[ 1492.402426][T20562] __pcs_replace_empty_main+0x1ab/0x660
[ 1492.433643][T20562] __kmalloc_cache_noprof+0x493/0x6f0
[ 1492.470844][T20562] tomoyo_dump_page+0x4e4/0x630
[ 1492.497803][T20562] tomoyo_init_log+0xde2/0x20c0
[ 1492.528946][T20562] tomoyo_supervisor+0x506/0x1340
[ 1492.556852][T20562] tomoyo_env_perm+0x191/0x200
[ 1492.583189][T20562] tomoyo_find_next_domain+0x13d7/0x2010
[ 1492.603185][T20574] netlink: 342 bytes leftover after parsing attributes in process `syz.2.18413'.
[ 1492.633174][T20562] tomoyo_bprm_check_security+0x12d/0x1d0
[ 1492.649179][T20562] security_bprm_check+0x87/0x1e0
[ 1492.674695][T20562] bprm_execve+0x84b/0x1680
[ 1492.700309][T20562] do_execveat_common.isra.0+0x4a5/0x580
[ 1492.732413][T20562] page last free pid 1 tgid 1 stack trace:
[ 1492.764129][T20562] __free_frozen_pages+0x7e1/0x10d0
[ 1492.801094][T20562] free_contig_range+0xde/0x1d0
[ 1492.828756][T20562] destroy_args+0xa8/0x7a0
[ 1492.857111][T20562] debug_vm_pgtable+0x1b66/0x34c0
[ 1492.883804][T20562] do_one_initcall+0x11d/0x760
[ 1492.909346][T20562] kernel_init_freeable+0x6e5/0x7a0
[ 1492.957058][T20562] kernel_init+0x1f/0x1e0
[ 1492.998042][T20562] ret_from_fork+0x754/0xd80
[ 1493.020298][T20562] ret_from_fork_asm+0x1a/0x30
[ 1493.801910][T20592] vcan0: tx drop: invalid da for name 0x000000000000003f
[ 1496.856247][T20654] netlink: 342 bytes leftover after parsing attributes in process `syz.1.18443'.
[ 1497.664735][T20681] FAULT_INJECTION: forcing a failure.
[ 1497.664735][T20681] name failslab, interval 1, probability 0, space 0, times 0
[ 1497.749915][T20681] CPU: 0 UID: 0 PID: 20681 Comm: syz.0.18451 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1497.749961][T20681] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1497.749974][T20681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1497.749986][T20681] Call Trace:
[ 1497.749994][T20681]
[ 1497.750002][T20681] dump_stack_lvl+0x100/0x190
[ 1497.750034][T20681] should_fail_ex.cold+0x5/0xa
[ 1497.750056][T20681] ? argv_split+0x173/0x420
[ 1497.750078][T20681] should_failslab+0xc2/0x120
[ 1497.750098][T20681] __kmalloc_noprof+0xe0/0x850
[ 1497.750125][T20681] ? __asan_memcpy+0x3c/0x60
[ 1497.750154][T20681] argv_split+0x173/0x420
[ 1497.750178][T20681] ? __pfx___trace_eprobe_create+0x10/0x10
[ 1497.750203][T20681] trace_probe_create+0x7d/0x100
[ 1497.750232][T20681] ? __pfx_trace_probe_create+0x10/0x10
[ 1497.750267][T20681] create_dyn_event+0xee/0x1d0
[ 1497.750291][T20681] trace_parse_run_command+0x1ab/0x3b0
[ 1497.750319][T20681] ? __pfx_create_dyn_event+0x10/0x10
[ 1497.750367][T20681] vfs_write+0x2aa/0x1070
[ 1497.750386][T20681] ? __pfx_dyn_event_write+0x10/0x10
[ 1497.750411][T20681] ? __pfx_vfs_write+0x10/0x10
[ 1497.750440][T20681] ? __fget_files+0x215/0x3d0
[ 1497.750463][T20681] ? __fget_files+0x21f/0x3d0
[ 1497.750488][T20681] ksys_write+0x12a/0x250
[ 1497.750506][T20681] ? __pfx_ksys_write+0x10/0x10
[ 1497.750530][T20681] do_syscall_64+0x106/0xf80
[ 1497.750556][T20681] ? clear_bhb_loop+0x40/0x90
[ 1497.750579][T20681] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1497.750599][T20681] RIP: 0033:0x7f3a40b9c799
[ 1497.750614][T20681] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1497.750632][T20681] RSP: 002b:00007f3a41a0b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1497.750650][T20681] RAX: ffffffffffffffda RBX: 00007f3a40e15fa0 RCX: 00007f3a40b9c799
[ 1497.750662][T20681] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000005
[ 1497.750673][T20681] RBP: 00007f3a40c32c99 R08: 0000000000000000 R09: 0000000000000000
[ 1497.750683][T20681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1497.750694][T20681] R13: 00007f3a40e16038 R14: 00007f3a40e15fa0 R15: 00007ffdaf7dd168
[ 1497.750717][T20681]
[ 1498.614627][T20699] netlink: 'syz.3.18453': attribute type 19 has an invalid length.
[ 1498.644493][T20699] netlink: 334 bytes leftover after parsing attributes in process `syz.3.18453'.
[ 1499.784633][T20742] netlink: 'syz.0.18462': attribute type 28 has an invalid length.
[ 1499.852528][T20742] netlink: 334 bytes leftover after parsing attributes in process `syz.0.18462'.
[ 1502.209023][T20807] random: crng reseeded on system resumption
[ 1503.660520][T20841] ERROR: Out of memory at tomoyo_memory_ok.
[ 1503.700291][T20841] ERROR: Domain ' /sbin/init /etc/init.d/rcS /etc/init.d/S50sshd /sbin/start-stop-daemon /usr/sbin/sshd /usr/libexec/sshd-session /bin/sh /root/syz-executor /root/syz-executor /newroot/4425/file0' not defined.
[ 1504.404061][T20863] netlink: 198 bytes leftover after parsing attributes in process `syz.2.18499'.
[ 1506.881766][T20929] netlink: 334 bytes leftover after parsing attributes in process `syz.2.18517'.
[ 1509.987526][T20959] netlink: 334 bytes leftover after parsing attributes in process `syz.1.18528'.
[ 1516.252042][T21097] netlink: 74 bytes leftover after parsing attributes in process `syz.1.18570'.
[ 1517.337494][T21115] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[ 1518.721594][T21138] zswap: compressor not available
[ 1518.978518][T21152] netlink: 302 bytes leftover after parsing attributes in process `syz.2.18590'.
[ 1519.349268][T21162] netlink: 342 bytes leftover after parsing attributes in process `syz.2.18594'.
[ 1519.441008][T21162] IPv6: NLM_F_CREATE should be specified when creating new route
[ 1519.513437][T21164] netlink: 342 bytes leftover after parsing attributes in process `syz.2.18594'.
[ 1519.588194][T21162] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1519.595877][T21162] IPv6: NLM_F_CREATE should be set when creating new route
[ 1519.603132][T21162] IPv6: NLM_F_CREATE should be set when creating new route
[ 1519.732515][T21164] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1521.115671][T21184] mkiss: ax0: crc mode is auto.
[ 1523.077454][T21226] FAULT_INJECTION: forcing a failure.
[ 1523.077454][T21226] name failslab, interval 1, probability 0, space 0, times 0
[ 1523.267931][T21226] CPU: 0 UID: 0 PID: 21226 Comm: syz.3.18615 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1523.267976][T21226] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1523.267989][T21226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1523.268007][T21226] Call Trace:
[ 1523.268014][T21226]
[ 1523.268022][T21226] dump_stack_lvl+0x100/0x190
[ 1523.268055][T21226] should_fail_ex.cold+0x5/0xa
[ 1523.268078][T21226] ? tracepoint_add_func+0x2c5/0xf30
[ 1523.268097][T21226] should_failslab+0xc2/0x120
[ 1523.268117][T21226] __kmalloc_noprof+0xe0/0x850
[ 1523.268150][T21226] tracepoint_add_func+0x2c5/0xf30
[ 1523.268167][T21226] ? __pfx_probe_sched_wakeup+0x10/0x10
[ 1523.268191][T21226] ? __pfx_probe_sched_wakeup+0x10/0x10
[ 1523.268209][T21226] tracepoint_probe_register+0xc4/0x110
[ 1523.268229][T21226] ? __pfx_tracepoint_probe_register+0x10/0x10
[ 1523.268249][T21226] ? __pfx_probe_sched_wakeup+0x10/0x10
[ 1523.268268][T21226] ? __lock_acquire+0x4a5/0x2630
[ 1523.268297][T21226] tracing_start_sched_switch+0xaf/0x170
[ 1523.268327][T21226] __ftrace_event_enable_disable+0x557/0x6f0
[ 1523.268351][T21226] __ftrace_set_clr_event_nolock+0x390/0xc30
[ 1523.268380][T21226] ftrace_set_clr_event+0x16e/0x330
[ 1523.268405][T21226] ? __pfx_ftrace_set_clr_event+0x10/0x10
[ 1523.268429][T21226] ? trace_get_user+0x3ae/0xa70
[ 1523.268454][T21226] ftrace_event_write+0x259/0x2c0
[ 1523.268480][T21226] ? __pfx_ftrace_event_write+0x10/0x10
[ 1523.268514][T21226] vfs_write+0x2aa/0x1070
[ 1523.268532][T21226] ? __pfx_ftrace_event_write+0x10/0x10
[ 1523.268558][T21226] ? __pfx_vfs_write+0x10/0x10
[ 1523.268587][T21226] ? __fget_files+0x215/0x3d0
[ 1523.268610][T21226] ? __fget_files+0x21f/0x3d0
[ 1523.268633][T21226] ksys_write+0x12a/0x250
[ 1523.268651][T21226] ? __pfx_ksys_write+0x10/0x10
[ 1523.268675][T21226] do_syscall_64+0x106/0xf80
[ 1523.268700][T21226] ? clear_bhb_loop+0x40/0x90
[ 1523.268727][T21226] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1523.268746][T21226] RIP: 0033:0x7fe5cf19c799
[ 1523.268763][T21226] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1523.268783][T21226] RSP: 002b:00007fe5d0051028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1523.268805][T21226] RAX: ffffffffffffffda RBX: 00007fe5cf415fa0 RCX: 00007fe5cf19c799
[ 1523.268820][T21226] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 0000000000000005
[ 1523.268831][T21226] RBP: 00007fe5cf232c99 R08: 0000000000000000 R09: 0000000000000000
[ 1523.268842][T21226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1523.268853][T21226] R13: 00007fe5cf416038 R14: 00007fe5cf415fa0 R15: 00007ffefc437498
[ 1523.268877][T21226]
[ 1523.268886][T21226] wakeup trace: Couldn't activate tracepoint probe to kernel_sched_wakeup
[ 1524.237339][T21241] netlink: 334 bytes leftover after parsing attributes in process `syz.0.18621'.
[ 1524.289836][T21241] netlink: 334 bytes leftover after parsing attributes in process `syz.0.18621'.
[ 1524.802312][T21250] netlink: 'syz.0.18624': attribute type 64 has an invalid length.
[ 1524.843992][T21250] netlink: 74 bytes leftover after parsing attributes in process `syz.0.18624'.
[ 1525.467573][T21266] netlink: 330 bytes leftover after parsing attributes in process `syz.1.18629'.
[ 1526.737219][T21299] netlink: 21 bytes leftover after parsing attributes in process `syz.0.18634'.
[ 1529.288622][T21355] UHID_CREATE from different security context by process 370 (syz.3.18654), this is not allowed.
[ 1529.362785][T21357] netlink: 338 bytes leftover after parsing attributes in process `syz.2.18656'.
[ 1532.352290][T21407] kvm: user requested TSC rate below hardware speed
[ 1532.492778][T21414] netlink: 342 bytes leftover after parsing attributes in process `syz.2.18679'.
[ 1533.076475][T21426] netlink: 130 bytes leftover after parsing attributes in process `syz.2.18684'.
[ 1533.404297][T21433] netlink: 146 bytes leftover after parsing attributes in process `syz.2.18687'.
[ 1533.606001][T21436] FAULT_INJECTION: forcing a failure.
[ 1533.606001][T21436] name failslab, interval 1, probability 0, space 0, times 0
[ 1533.654471][T21438] bridge0: port 2(netdevsim1) entered blocking state
[ 1533.678030][T21436] CPU: 0 UID: 0 PID: 21436 Comm: syz.3.18688 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1533.678074][T21436] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1533.678087][T21436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1533.678098][T21436] Call Trace:
[ 1533.678105][T21436]
[ 1533.678113][T21436] dump_stack_lvl+0x100/0x190
[ 1533.678145][T21436] should_fail_ex.cold+0x5/0xa
[ 1533.678166][T21436] should_failslab+0xc2/0x120
[ 1533.678187][T21436] kmem_cache_alloc_lru_noprof+0x80/0x6e0
[ 1533.678216][T21436] ? __d_alloc+0x34/0xa80
[ 1533.678241][T21436] __d_alloc+0x34/0xa80
[ 1533.678263][T21436] d_alloc_pseudo+0x1c/0xc0
[ 1533.678288][T21436] alloc_file_pseudo+0xcf/0x230
[ 1533.678313][T21436] ? __pfx_alloc_file_pseudo+0x10/0x10
[ 1533.678338][T21436] ? tipc_sk_finish_conn+0x600/0x7a0
[ 1533.678370][T21436] sock_alloc_file+0x50/0x210
[ 1533.678398][T21436] __sys_socketpair+0x353/0x5b0
[ 1533.678421][T21436] ? __pfx___sys_socketpair+0x10/0x10
[ 1533.678441][T21436] ? __pfx_ksys_mmap_pgoff+0x10/0x10
[ 1533.678461][T21436] ? xfd_validate_state+0x129/0x190
[ 1533.678493][T21436] __x64_sys_socketpair+0x96/0x100
[ 1533.678514][T21436] ? lockdep_hardirqs_on+0x78/0x100
[ 1533.678540][T21436] do_syscall_64+0x106/0xf80
[ 1533.678564][T21436] ? clear_bhb_loop+0x40/0x90
[ 1533.678586][T21436] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1533.678605][T21436] RIP: 0033:0x7fe5cf19c799
[ 1533.678621][T21436] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1533.678639][T21436] RSP: 002b:00007fe5d0051028 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[ 1533.678657][T21436] RAX: ffffffffffffffda RBX: 00007fe5cf415fa0 RCX: 00007fe5cf19c799
[ 1533.678669][T21436] RDX: 8000000000000000 RSI: 0000000000000005 RDI: 000000000000001e
[ 1533.678680][T21436] RBP: 00007fe5cf232c99 R08: 0000000000000000 R09: 0000000000000000
[ 1533.678691][T21436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1533.678701][T21436] R13: 00007fe5cf416038 R14: 00007fe5cf415fa0 R15: 00007ffefc437498
[ 1533.678723][T21436]
[ 1533.903762][T21438] bridge0: port 2(netdevsim1) entered disabled state
[ 1533.912636][T21438] netdevsim netdevsim1 netdevsim1: entered allmulticast mode
[ 1533.921582][T21438] netdevsim netdevsim1 netdevsim1: entered promiscuous mode
[ 1533.929475][T21438] bridge0: port 2(netdevsim1) entered blocking state
[ 1533.936231][T21438] bridge0: port 2(netdevsim1) entered forwarding state
[ 1535.282448][T21460] random: crng reseeded on system resumption
[ 1535.655452][T21470] FAULT_INJECTION: forcing a failure.
[ 1535.655452][T21470] name failslab, interval 1, probability 0, space 0, times 0
[ 1535.768251][T21470] CPU: 0 UID: 0 PID: 21470 Comm: syz.3.18701 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1535.768295][T21470] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1535.768308][T21470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1535.768319][T21470] Call Trace:
[ 1535.768326][T21470]
[ 1535.768334][T21470] dump_stack_lvl+0x100/0x190
[ 1535.768366][T21470] should_fail_ex.cold+0x5/0xa
[ 1535.768387][T21470] should_failslab+0xc2/0x120
[ 1535.768408][T21470] __kmalloc_cache_noprof+0x7a/0x6f0
[ 1535.768433][T21470] ? mon_text_open+0x1d9/0x510
[ 1535.768450][T21470] ? lockdep_init_map_type+0x5c/0x250
[ 1535.768478][T21470] ? __pfx_mon_text_open+0x10/0x10
[ 1535.768494][T21470] mon_text_open+0x1d9/0x510
[ 1535.768512][T21470] ? __pfx_mon_text_open+0x10/0x10
[ 1535.768530][T21470] ? __debugfs_file_get+0x1fc/0x860
[ 1535.768556][T21470] ? __pfx___debugfs_file_get+0x10/0x10
[ 1535.768583][T21470] ? __pfx_apparmor_file_open+0x10/0x10
[ 1535.768611][T21470] ? lockdown_is_locked_down+0x3d/0x140
[ 1535.768637][T21470] ? bpf_lsm_locked_down+0x9/0x10
[ 1535.768660][T21470] ? __pfx_mon_text_open+0x10/0x10
[ 1535.768676][T21470] full_proxy_open_regular+0x1b6/0x370
[ 1535.768706][T21470] do_dentry_open+0x6d8/0x1660
[ 1535.768726][T21470] ? __pfx_full_proxy_open_regular+0x10/0x10
[ 1535.768759][T21470] vfs_open+0x82/0x3f0
[ 1535.768785][T21470] path_openat+0x208c/0x31a0
[ 1535.768811][T21470] ? __pfx_path_openat+0x10/0x10
[ 1535.768846][T21470] do_file_open+0x20e/0x430
[ 1535.768868][T21470] ? __pfx_do_file_open+0x10/0x10
[ 1535.768902][T21470] ? alloc_fd+0x476/0x790
[ 1535.768922][T21470] ? do_getname+0x191/0x390
[ 1535.768947][T21470] do_sys_openat2+0x10d/0x1e0
[ 1535.768972][T21470] ? __pfx_do_sys_openat2+0x10/0x10
[ 1535.768999][T21470] ? __fget_files+0x21f/0x3d0
[ 1535.769021][T21470] __x64_sys_openat+0x12d/0x210
[ 1535.769047][T21470] ? __pfx___x64_sys_openat+0x10/0x10
[ 1535.769081][T21470] do_syscall_64+0x106/0xf80
[ 1535.769107][T21470] ? clear_bhb_loop+0x40/0x90
[ 1535.769129][T21470] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1535.769149][T21470] RIP: 0033:0x7fe5cf19c799
[ 1535.769164][T21470] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1535.769182][T21470] RSP: 002b:00007fe5d0051028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1535.769201][T21470] RAX: ffffffffffffffda RBX: 00007fe5cf415fa0 RCX: 00007fe5cf19c799
[ 1535.769213][T21470] RDX: 0000000000080080 RSI: 0000200000000280 RDI: ffffffffffffff9c
[ 1535.769224][T21470] RBP: 00007fe5cf232c99 R08: 0000000000000000 R09: 0000000000000000
[ 1535.769235][T21470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1535.769245][T21470] R13: 00007fe5cf416038 R14: 00007fe5cf415fa0 R15: 00007ffefc437498
[ 1535.769268][T21470] </TASK>
[ 1536.832939][T21488] FAULT_INJECTION: forcing a failure.
[ 1536.832939][T21488] name failslab, interval 1, probability 0, space 0, times 0
[ 1536.897326][T21488] CPU: 0 UID: 0 PID: 21488 Comm: syz.2.18705 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1536.897371][T21488] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1536.897384][T21488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1536.897395][T21488] Call Trace:
[ 1536.897402][T21488] <TASK>
[ 1536.897411][T21488] dump_stack_lvl+0x100/0x190
[ 1536.897460][T21488] should_fail_ex.cold+0x5/0xa
[ 1536.897483][T21488] should_failslab+0xc2/0x120
[ 1536.897503][T21488] __kmalloc_cache_noprof+0x7a/0x6f0
[ 1536.897528][T21488] ? mtdchar_open+0x1e5/0x340
[ 1536.897547][T21488] ? find_held_lock+0x2b/0x80
[ 1536.897564][T21488] ? chrdev_open+0x10b/0x6a0
[ 1536.897586][T21488] mtdchar_open+0x1e5/0x340
[ 1536.897605][T21488] ? __pfx_mtdchar_open+0x10/0x10
[ 1536.897622][T21488] chrdev_open+0x234/0x6a0
[ 1536.897640][T21488] ? __pfx_apparmor_file_open+0x10/0x10
[ 1536.897670][T21488] ? __pfx_chrdev_open+0x10/0x10
[ 1536.897690][T21488] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[ 1536.897714][T21488] do_dentry_open+0x6d8/0x1660
[ 1536.897732][T21488] ? __pfx_chrdev_open+0x10/0x10
[ 1536.897787][T21488] vfs_open+0x82/0x3f0
[ 1536.897814][T21488] path_openat+0x208c/0x31a0
[ 1536.897840][T21488] ? __pfx_path_openat+0x10/0x10
[ 1536.897867][T21488] do_file_open+0x20e/0x430
[ 1536.897888][T21488] ? __pfx_do_file_open+0x10/0x10
[ 1536.897923][T21488] ? alloc_fd+0x476/0x790
[ 1536.897943][T21488] ? do_getname+0x191/0x390
[ 1536.897968][T21488] do_sys_openat2+0x10d/0x1e0
[ 1536.897993][T21488] ? __pfx_do_sys_openat2+0x10/0x10
[ 1536.898020][T21488] ? __fget_files+0x21f/0x3d0
[ 1536.898042][T21488] __x64_sys_openat+0x12d/0x210
[ 1536.898068][T21488] ? __pfx___x64_sys_openat+0x10/0x10
[ 1536.898100][T21488] do_syscall_64+0x106/0xf80
[ 1536.898126][T21488] ? clear_bhb_loop+0x40/0x90
[ 1536.898148][T21488] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1536.898167][T21488] RIP: 0033:0x7f183a19c799
[ 1536.898184][T21488] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1536.898202][T21488] RSP: 002b:00007f183afc0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1536.898221][T21488] RAX: ffffffffffffffda RBX: 00007f183a415fa0 RCX: 00007f183a19c799
[ 1536.898233][T21488] RDX: 0000000000002c00 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1536.898244][T21488] RBP: 00007f183a232c99 R08: 0000000000000000 R09: 0000000000000000
[ 1536.898255][T21488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1536.898266][T21488] R13: 00007f183a416038 R14: 00007f183a415fa0 R15: 00007ffed2142308
[ 1536.898288][T21488] </TASK>
[ 1537.724995][T21506] netlink: 334 bytes leftover after parsing attributes in process `syz.2.18719'.
[ 1538.927533][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 1538.934220][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[ 1539.384636][T21548] bridge0: port 3(netdevsim1) entered blocking state
[ 1539.450248][T21548] bridge0: port 3(netdevsim1) entered disabled state
[ 1539.457248][T21548] netdevsim netdevsim3 netdevsim1: entered allmulticast mode
[ 1539.549138][T21548] netdevsim netdevsim3 netdevsim1: entered promiscuous mode
[ 1539.609210][T21548] bridge0: port 3(netdevsim1) entered blocking state
[ 1539.616104][T21548] bridge0: port 3(netdevsim1) entered forwarding state
[ 1539.672388][T21501] kexec: Could not allocate control_code_buffer
[ 1540.653924][T21575] netlink: 330 bytes leftover after parsing attributes in process `syz.3.18730'.
[ 1540.722222][T21575] IPv6: NLM_F_CREATE should be specified when creating new route
[ 1541.039009][T21584] netlink: 334 bytes leftover after parsing attributes in process `syz.3.18734'.
[ 1541.112483][T21588] netlink: 146 bytes leftover after parsing attributes in process `syz.0.18736'.
[ 1541.413508][T21590] netlink: 4 bytes leftover after parsing attributes in process `syz.3.18737'.
[ 1541.490953][T21590] netlink: 17 bytes leftover after parsing attributes in process `syz.3.18737'.
[ 1541.646400][T21597] netlink: 334 bytes leftover after parsing attributes in process `syz.2.18740'.
[ 1546.396448][T21659] netlink: 334 bytes leftover after parsing attributes in process `syz.2.18755'.
[ 1546.937753][T21674] netlink: 146 bytes leftover after parsing attributes in process `syz.0.18759'.
[ 1547.482645][T21676] netlink: 334 bytes leftover after parsing attributes in process `syz.2.18758'.
[ 1550.284530][T21747] netlink: 342 bytes leftover after parsing attributes in process `syz.3.18777'.
[ 1551.040236][T21760] netlink: 4 bytes leftover after parsing attributes in process `syz.1.18782'.
[ 1551.103315][T21760] netlink: 25 bytes leftover after parsing attributes in process `syz.1.18782'.
[ 1551.924141][T21776] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18786'.
[ 1552.791689][T21794] sg_write: data in/out 1886744398/84 bytes for SCSI command 0x72-- guessing data in;
[ 1552.791689][T21794] program syz.3.18795 not setting count and/or reply_len properly
[ 1553.260407][T21803] netlink: 342 bytes leftover after parsing attributes in process `syz.2.18797'.
[ 1553.831491][T21814] netlink: 342 bytes leftover after parsing attributes in process `syz.3.18804'.
[ 1554.812771][T21850] netlink: 330 bytes leftover after parsing attributes in process `syz.0.18811'.
[ 1555.971087][T21872] netlink: 334 bytes leftover after parsing attributes in process `syz.2.18816'.
[ 1557.779701][T21899] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1557.810246][T21899] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1557.849141][T21899] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1557.879306][T21899] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1559.457023][T15724] Bluetooth: hci0: command 0x0406 tx timeout
[ 1559.655579][T21982] netlink: 8 bytes leftover after parsing attributes in process `syz.0.18844'.
[ 1559.853120][ T4992] Bluetooth: hci1: command 0x0406 tx timeout
[ 1559.859190][T15724] Bluetooth: hci2: command 0x2016 tx timeout
[ 1559.938399][T15724] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1561.039993][T22020] FAULT_INJECTION: forcing a failure.
[ 1561.039993][T22020] name failslab, interval 1, probability 0, space 0, times 0
[ 1561.147904][T22020] CPU: 0 UID: 0 PID: 22020 Comm: syz.0.18850 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1561.147948][T22020] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1561.147960][T22020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1561.147971][T22020] Call Trace:
[ 1561.147978][T22020] <TASK>
[ 1561.147987][T22020] dump_stack_lvl+0x100/0x190
[ 1561.148019][T22020] should_fail_ex.cold+0x5/0xa
[ 1561.148042][T22020] should_failslab+0xc2/0x120
[ 1561.148062][T22020] __kmalloc_node_track_caller_noprof+0xe3/0x850
[ 1561.148092][T22020] ? kvasprintf_const+0x66/0x1a0
[ 1561.148113][T22020] ? nci_allocate_device+0x23b/0x410
[ 1561.148132][T22020] ? virtual_ncidev_open+0x6f/0x220
[ 1561.148160][T22020] kvasprintf+0xbc/0x150
[ 1561.148181][T22020] ? __pfx_kvasprintf+0x10/0x10
[ 1561.148205][T22020] ? rcu_is_watching+0x12/0xc0
[ 1561.148231][T22020] ? ida_alloc_range+0x70d/0x830
[ 1561.148256][T22020] ? kfree+0x2ec/0x6b0
[ 1561.148278][T22020] ? mark_held_locks+0x40/0x70
[ 1561.148305][T22020] kvasprintf_const+0x66/0x1a0
[ 1561.148329][T22020] kobject_set_name_vargs+0x5a/0x140
[ 1561.148348][T22020] dev_set_name+0xc7/0x100
[ 1561.148373][T22020] ? __pfx_dev_set_name+0x10/0x10
[ 1561.148408][T22020] nfc_allocate_device+0x206/0x5e0
[ 1561.148438][T22020] nci_allocate_device+0x23b/0x410
[ 1561.148459][T22020] virtual_ncidev_open+0x6f/0x220
[ 1561.148484][T22020] ? __pfx_virtual_ncidev_open+0x10/0x10
[ 1561.148518][T22020] misc_open+0x26d/0x450
[ 1561.148540][T22020] ? __pfx_misc_open+0x10/0x10
[ 1561.148560][T22020] chrdev_open+0x234/0x6a0
[ 1561.148580][T22020] ? __pfx_apparmor_file_open+0x10/0x10
[ 1561.148614][T22020] ? __pfx_chrdev_open+0x10/0x10
[ 1561.148636][T22020] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[ 1561.148660][T22020] do_dentry_open+0x6d8/0x1660
[ 1561.148678][T22020] ? __pfx_chrdev_open+0x10/0x10
[ 1561.148702][T22020] vfs_open+0x82/0x3f0
[ 1561.148728][T22020] path_openat+0x208c/0x31a0
[ 1561.148769][T22020] ? __pfx_path_openat+0x10/0x10
[ 1561.148798][T22020] do_file_open+0x20e/0x430
[ 1561.148821][T22020] ? __pfx_do_file_open+0x10/0x10
[ 1561.148869][T22020] ? alloc_fd+0x476/0x790
[ 1561.148891][T22020] ? do_getname+0x191/0x390
[ 1561.148915][T22020] do_sys_openat2+0x10d/0x1e0
[ 1561.148941][T22020] ? __pfx_do_sys_openat2+0x10/0x10
[ 1561.148974][T22020] __x64_sys_openat+0x12d/0x210
[ 1561.148999][T22020] ? __pfx___x64_sys_openat+0x10/0x10
[ 1561.149032][T22020] do_syscall_64+0x106/0xf80
[ 1561.149057][T22020] ? clear_bhb_loop+0x40/0x90
[ 1561.149080][T22020] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1561.149100][T22020] RIP: 0033:0x7f3a40b9c799
[ 1561.149116][T22020] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1561.149134][T22020] RSP: 002b:00007f3a41a0b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1561.149153][T22020] RAX: ffffffffffffffda RBX: 00007f3a40e15fa0 RCX: 00007f3a40b9c799
[ 1561.149165][T22020] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c
[ 1561.149176][T22020] RBP: 00007f3a40c32c99 R08: 0000000000000000 R09: 0000000000000000
[ 1561.149187][T22020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1561.149198][T22020] R13: 00007f3a40e16038 R14: 00007f3a40e15fa0 R15: 00007ffdaf7dd168
[ 1561.149221][T22020] </TASK>
[ 1561.978730][T22020] workqueue: Failed to create a rescuer kthread for wq "(null)_nci_rx_wq": -EINTR
[ 1563.158431][T22090] netlink: 330 bytes leftover after parsing attributes in process `syz.1.18858'.
[ 1563.904484][T22101] netlink: 206 bytes leftover after parsing attributes in process `syz.3.18862'.
[ 1564.522932][T22117] netlink: 334 bytes leftover after parsing attributes in process `syz.3.18868'.
[ 1565.469105][T22129] FAULT_INJECTION: forcing a failure.
[ 1565.469105][T22129] name failslab, interval 1, probability 0, space 0, times 0
[ 1565.672872][T22129] CPU: 0 UID: 0 PID: 22129 Comm: syz.0.18874 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1565.672916][T22129] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1565.672928][T22129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1565.672939][T22129] Call Trace:
[ 1565.672946][T22129] <TASK>
[ 1565.672959][T22129] dump_stack_lvl+0x100/0x190
[ 1565.672991][T22129] should_fail_ex.cold+0x5/0xa
[ 1565.673014][T22129] should_failslab+0xc2/0x120
[ 1565.673034][T22129] __kmalloc_cache_noprof+0x7a/0x6f0
[ 1565.673058][T22129] ? wakeup_source_device_create+0x46/0x2e0
[ 1565.673086][T22129] wakeup_source_device_create+0x46/0x2e0
[ 1565.673109][T22129] wakeup_source_sysfs_add+0x1c/0x90
[ 1565.673130][T22129] wakeup_source_register+0x154/0x3e0
[ 1565.673160][T22129] ep_create_wakeup_source+0x1df/0x2e0
[ 1565.673191][T22129] ? __pfx_ep_create_wakeup_source+0x10/0x10
[ 1565.673225][T22129] ? do_epoll_ctl+0x1012/0x36a0
[ 1565.673243][T22129] ? do_epoll_ctl+0x1012/0x36a0
[ 1565.673267][T22129] do_epoll_ctl+0x1eee/0x36a0
[ 1565.673296][T22129] ? __pfx_do_epoll_ctl+0x10/0x10
[ 1565.673315][T22129] ? find_held_lock+0x2b/0x80
[ 1565.673332][T22129] ? __might_fault+0xc5/0x140
[ 1565.673357][T22129] ? __might_fault+0xc5/0x140
[ 1565.673391][T22129] ? __x64_sys_epoll_ctl+0x15c/0x1e0
[ 1565.673409][T22129] __x64_sys_epoll_ctl+0x15c/0x1e0
[ 1565.673430][T22129] ? __pfx___x64_sys_epoll_ctl+0x10/0x10
[ 1565.673457][T22129] do_syscall_64+0x106/0xf80
[ 1565.673483][T22129] ? clear_bhb_loop+0x40/0x90
[ 1565.673505][T22129] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1565.673525][T22129] RIP: 0033:0x7f3a40b9c799
[ 1565.673540][T22129] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1565.673559][T22129] RSP: 002b:00007f3a41a0b028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[ 1565.673577][T22129] RAX: ffffffffffffffda RBX: 00007f3a40e15fa0 RCX: 00007f3a40b9c799
[ 1565.673590][T22129] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004
[ 1565.673600][T22129] RBP: 00007f3a40c32c99 R08: 0000000000000000 R09: 0000000000000000
[ 1565.673611][T22129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1565.673622][T22129] R13: 00007f3a40e16038 R14: 00007f3a40e15fa0 R15: 00007ffdaf7dd168
[ 1565.673646][T22129] </TASK>
[ 1566.302825][T22138] netlink: 28 bytes leftover after parsing attributes in process `syz.3.18877'.
[ 1567.842939][T22183] futex_wake_op: syz.2.18890 tries to shift op by -2048; fix this program
[ 1567.894477][T22183] futex_wake_op: syz.2.18890 tries to shift op by -2048; fix this program
[ 1569.832024][T22224] FAULT_INJECTION: forcing a failure.
[ 1569.832024][T22224] name failslab, interval 1, probability 0, space 0, times 0
[ 1570.016044][T22224] CPU: 0 UID: 0 PID: 22224 Comm: syz.3.18899 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1570.016090][T22224] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1570.016101][T22224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1570.016113][T22224] Call Trace:
[ 1570.016120][T22224] <TASK>
[ 1570.016128][T22224] dump_stack_lvl+0x100/0x190
[ 1570.016160][T22224] should_fail_ex.cold+0x5/0xa
[ 1570.016183][T22224] should_failslab+0xc2/0x120
[ 1570.016203][T22224] __kmalloc_cache_noprof+0x7a/0x6f0
[ 1570.016227][T22224] ? snd_seq_timer_new+0x44/0x1b0
[ 1570.016259][T22224] snd_seq_timer_new+0x44/0x1b0
[ 1570.016286][T22224] snd_seq_queue_alloc+0x177/0x590
[ 1570.016313][T22224] snd_seq_ioctl_create_queue+0xa9/0x370
[ 1570.016343][T22224] call_seq_client_ctl+0xa3/0x130
[ 1570.016381][T22224] snd_seq_kernel_client_ctl+0x77/0xd0
[ 1570.016413][T22224] alloc_seq_queue+0xdb/0x180
[ 1570.016431][T22224] ? __pfx_alloc_seq_queue+0x10/0x10
[ 1570.016462][T22224] ? mark_held_locks+0x40/0x70
[ 1570.016484][T22224] ? _raw_spin_unlock_irq+0x23/0x50
[ 1570.016508][T22224] ? lockdep_hardirqs_on+0x78/0x100
[ 1570.016536][T22224] snd_seq_oss_open+0x2b2/0xa10
[ 1570.016560][T22224] odev_open+0x79/0xc0
[ 1570.016575][T22224] ? __pfx_odev_open+0x10/0x10
[ 1570.016591][T22224] soundcore_open+0x2e3/0x5a0
[ 1570.016612][T22224] ? __pfx_soundcore_open+0x10/0x10
[ 1570.016630][T22224] chrdev_open+0x234/0x6a0
[ 1570.016649][T22224] ? __pfx_apparmor_file_open+0x10/0x10
[ 1570.016679][T22224] ? __pfx_chrdev_open+0x10/0x10
[ 1570.016699][T22224] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[ 1570.016724][T22224] do_dentry_open+0x6d8/0x1660
[ 1570.016742][T22224] ? __pfx_chrdev_open+0x10/0x10
[ 1570.016766][T22224] vfs_open+0x82/0x3f0
[ 1570.016792][T22224] path_openat+0x208c/0x31a0
[ 1570.016819][T22224] ? __pfx_path_openat+0x10/0x10
[ 1570.016846][T22224] do_file_open+0x20e/0x430
[ 1570.016868][T22224] ? __pfx_do_file_open+0x10/0x10
[ 1570.016904][T22224] ? alloc_fd+0x476/0x790
[ 1570.016924][T22224] ? do_getname+0x191/0x390
[ 1570.016949][T22224] do_sys_openat2+0x10d/0x1e0
[ 1570.016974][T22224] ? __pfx_do_sys_openat2+0x10/0x10
[ 1570.017000][T22224] ? __fget_files+0x21f/0x3d0
[ 1570.017021][T22224] __x64_sys_openat+0x12d/0x210
[ 1570.017051][T22224] ? __pfx___x64_sys_openat+0x10/0x10
[ 1570.017085][T22224] do_syscall_64+0x106/0xf80
[ 1570.017111][T22224] ? clear_bhb_loop+0x40/0x90
[ 1570.017134][T22224] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1570.017153][T22224] RIP: 0033:0x7fe5cf19c799
[ 1570.017170][T22224] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1570.017188][T22224] RSP: 002b:00007fe5d0051028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1570.017206][T22224] RAX: ffffffffffffffda RBX: 00007fe5cf415fa0 RCX: 00007fe5cf19c799
[ 1570.017218][T22224] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1570.017229][T22224] RBP: 00007fe5cf232c99 R08: 0000000000000000 R09: 0000000000000000
[ 1570.017240][T22224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1570.017251][T22224] R13: 00007fe5cf416038 R14: 00007fe5cf415fa0 R15: 00007ffefc437498
[ 1570.017275][T22224] </TASK>
[ 1574.213567][T22282] FAULT_INJECTION: forcing a failure.
[ 1574.213567][T22282] name failslab, interval 1, probability 0, space 0, times 0
[ 1574.400451][T22282] CPU: 0 UID: 0 PID: 22282 Comm: syz.3.18918 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1574.400496][T22282] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1574.400509][T22282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1574.400520][T22282] Call Trace:
[ 1574.400527][T22282] <TASK>
[ 1574.400535][T22282] dump_stack_lvl+0x100/0x190
[ 1574.400568][T22282] should_fail_ex.cold+0x5/0xa
[ 1574.400590][T22282] should_failslab+0xc2/0x120
[ 1574.400611][T22282] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 1574.400638][T22282] ? ptlock_alloc+0x1f/0x70
[ 1574.400668][T22282] ptlock_alloc+0x1f/0x70
[ 1574.400691][T22282] pte_alloc_one+0x82/0x3d0
[ 1574.400712][T22282] do_huge_pmd_anonymous_page+0x2bc/0x1c40
[ 1574.400742][T22282] ? __pmd_alloc+0x3fb/0x950
[ 1574.400765][T22282] __handle_mm_fault+0x1e9e/0x2b60
[ 1574.400794][T22282] ? __lock_acquire+0x4a5/0x2630
[ 1574.400818][T22282] ? __pfx___handle_mm_fault+0x10/0x10
[ 1574.400841][T22282] ? __pfx_mt_find+0x10/0x10
[ 1574.400871][T22282] ? __lock_acquire+0x4a5/0x2630
[ 1574.400900][T22282] ? pmdp_set_access_flags+0x12d/0x1a0
[ 1574.400928][T22282] handle_mm_fault+0x36d/0xa20
[ 1574.400957][T22282] __get_user_pages+0xf9c/0x34d0
[ 1574.400987][T22282] ? __pfx___get_user_pages+0x10/0x10
[ 1574.401014][T22282] populate_vma_page_range+0x267/0x3f0
[ 1574.401037][T22282] ? __pfx_populate_vma_page_range+0x10/0x10
[ 1574.401059][T22282] ? __pfx_find_vma_intersection+0x10/0x10
[ 1574.401080][T22282] ? do_mmap+0x93f/0x12f0
[ 1574.401102][T22282] __mm_populate+0x107/0x3a0
[ 1574.401130][T22282] ? __pfx___mm_populate+0x10/0x10
[ 1574.401154][T22282] ? up_write+0x290/0x4f0
[ 1574.401182][T22282] vm_mmap_pgoff+0x37f/0x470
[ 1574.401205][T22282] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 1574.401228][T22282] ? do_futex+0x192/0x350
[ 1574.401251][T22282] ? __pfx_do_futex+0x10/0x10
[ 1574.401279][T22282] ksys_mmap_pgoff+0xe1/0x650
[ 1574.401299][T22282] ? __x64_sys_futex+0x34f/0x4d0
[ 1574.401321][T22282] ? __x64_sys_futex+0x358/0x4d0
[ 1574.401345][T22282] ? __pfx_ksys_mmap_pgoff+0x10/0x10
[ 1574.401365][T22282] ? xfd_validate_state+0x129/0x190
[ 1574.401395][T22282] __x64_sys_mmap+0x125/0x190
[ 1574.401430][T22282] do_syscall_64+0x106/0xf80
[ 1574.401455][T22282] ? clear_bhb_loop+0x40/0x90
[ 1574.401477][T22282] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1574.401496][T22282] RIP: 0033:0x7fe5cf19c799
[ 1574.401513][T22282] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1574.401532][T22282] RSP: 002b:00007fe5d0051028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1574.401551][T22282] RAX: ffffffffffffffda RBX: 00007fe5cf415fa0 RCX: 00007fe5cf19c799
[ 1574.401563][T22282] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000
[ 1574.401574][T22282] RBP: 00007fe5cf232c99 R08: 0000000000000002 R09: 0000000000008000
[ 1574.401586][T22282] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000
[ 1574.401597][T22282] R13: 00007fe5cf416038 R14: 00007fe5cf415fa0 R15: 00007ffefc437498
[ 1574.401620][T22282] </TASK>
[ 1575.161360][T22292] netlink: 334 bytes leftover after parsing attributes in process `syz.1.18920'.
[ 1582.497186][T22433] netlink: 334 bytes leftover after parsing attributes in process `syz.3.18963'.
[ 1586.400618][T22479] netlink: 334 bytes leftover after parsing attributes in process `syz.2.18979'.
[ 1588.757343][T22515] kvm: kvm [22514]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000004)
[ 1589.011845][T22521] netlink: 28 bytes leftover after parsing attributes in process `syz.0.18995'.
[ 1589.142899][T22521] ipvlan0: entered promiscuous mode
[ 1589.191159][T22521] ipvlan0: entered allmulticast mode
[ 1591.342079][T22549] FAULT_INJECTION: forcing a failure.
[ 1591.342079][T22549] name failslab, interval 1, probability 0, space 0, times 0
[ 1591.439736][T22549] CPU: 0 UID: 0 PID: 22549 Comm: syz.3.19006 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1591.439780][T22549] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1591.439792][T22549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1591.439803][T22549] Call Trace:
[ 1591.439810][T22549] <TASK>
[ 1591.439818][T22549] dump_stack_lvl+0x100/0x190
[ 1591.439851][T22549] should_fail_ex.cold+0x5/0xa
[ 1591.439873][T22549] should_failslab+0xc2/0x120
[ 1591.439893][T22549] __kmalloc_cache_noprof+0x7a/0x6f0
[ 1591.439918][T22549] ? mtdchar_open+0x1e5/0x340
[ 1591.439936][T22549] ? find_held_lock+0x2b/0x80
[ 1591.439954][T22549] ? chrdev_open+0x10b/0x6a0
[ 1591.439975][T22549] mtdchar_open+0x1e5/0x340
[ 1591.439994][T22549] ? __pfx_mtdchar_open+0x10/0x10
[ 1591.440012][T22549] chrdev_open+0x234/0x6a0
[ 1591.440030][T22549] ? __pfx_apparmor_file_open+0x10/0x10
[ 1591.440060][T22549] ? __pfx_chrdev_open+0x10/0x10
[ 1591.440080][T22549] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[ 1591.440105][T22549] do_dentry_open+0x6d8/0x1660
[ 1591.440123][T22549] ? __pfx_chrdev_open+0x10/0x10
[ 1591.440146][T22549] vfs_open+0x82/0x3f0
[ 1591.440172][T22549] path_openat+0x208c/0x31a0
[ 1591.440205][T22549] ? __pfx_path_openat+0x10/0x10
[ 1591.440232][T22549] do_file_open+0x20e/0x430
[ 1591.440253][T22549] ? __pfx_do_file_open+0x10/0x10
[ 1591.440286][T22549] ? alloc_fd+0x476/0x790
[ 1591.440306][T22549] ? do_getname+0x191/0x390
[ 1591.440331][T22549] do_sys_openat2+0x10d/0x1e0
[ 1591.440355][T22549] ? __pfx_do_sys_openat2+0x10/0x10
[ 1591.440382][T22549] ? __fget_files+0x21f/0x3d0
[ 1591.440404][T22549] __x64_sys_openat+0x12d/0x210
[ 1591.440428][T22549] ? __pfx___x64_sys_openat+0x10/0x10
[ 1591.440461][T22549] do_syscall_64+0x106/0xf80
[ 1591.440486][T22549] ? clear_bhb_loop+0x40/0x90
[ 1591.440509][T22549] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1591.440527][T22549] RIP: 0033:0x7fe5cf19c799
[ 1591.440544][T22549] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1591.440561][T22549] RSP: 002b:00007fe5d0051028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1591.440580][T22549] RAX: ffffffffffffffda RBX: 00007fe5cf415fa0 RCX: 00007fe5cf19c799
[ 1591.440591][T22549] RDX: 0000000000002c00 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1591.440604][T22549] RBP: 00007fe5cf232c99 R08: 0000000000000000 R09: 0000000000000000
[ 1591.440614][T22549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1591.440625][T22549] R13: 00007fe5cf416038 R14: 00007fe5cf415fa0 R15: 00007ffefc437498
[ 1591.440648][T22549] </TASK>
[ 1596.350877][T22611] netlink: 28 bytes leftover after parsing attributes in process `syz.1.19028'.
[ 1598.069569][T22634] : renamed from bond0 (while UP)
[ 1599.893638][T22657] netlink: 'syz.1.19043': attribute type 27 has an invalid length.
[ 1600.045939][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 1600.052284][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[ 1600.074951][T22657] netlink: 334 bytes leftover after parsing attributes in process `syz.1.19043'.
[ 1600.257938][T22658] Process accounting resumed
[ 1600.405131][T22662] kvm: kvm [22661]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000004)
[ 1601.075756][T22684] netlink: 'syz.2.19054': attribute type 16 has an invalid length.
[ 1601.122815][T22684] netlink: 306 bytes leftover after parsing attributes in process `syz.2.19054'.
[ 1603.228809][T22717] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1603.270701][T22717] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1603.276747][T22717] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1603.349882][T22717] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1604.899214][ T4992] Bluetooth: hci0: command 0x0406 tx timeout
[ 1605.298259][ T4992] Bluetooth: hci2: command 0x2016 tx timeout
[ 1605.304517][ T4992] Bluetooth: hci1: command 0x0406 tx timeout
[ 1605.378923][T22763] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1606.578529][T22773] sg_write: data in/out 1886744398/84 bytes for SCSI command 0x72-- guessing data in;
[ 1606.578529][T22773] program syz.0.19071 not setting count and/or reply_len properly
[ 1609.759244][T22837] ima: policy update failed
[ 1609.813169][ T29] audit: type=1802 audit(4294986402.766:62): pid=22837 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.19086" res=0 errno=0
[ 1612.059000][T22887] netlink: 142 bytes leftover after parsing attributes in process `syz.2.19093'.
[ 1614.900261][T22960] FAULT_INJECTION: forcing a failure.
[ 1614.900261][T22960] name failslab, interval 1, probability 0, space 0, times 0
[ 1615.014194][T22960] CPU: 0 UID: 0 PID: 22960 Comm: syz.0.19105 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1615.014240][T22960] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1615.014252][T22960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1615.014264][T22960] Call Trace:
[ 1615.014271][T22960] <TASK>
[ 1615.014280][T22960] dump_stack_lvl+0x100/0x190
[ 1615.014311][T22960] should_fail_ex.cold+0x5/0xa
[ 1615.014333][T22960] should_failslab+0xc2/0x120
[ 1615.014354][T22960] __kmalloc_cache_noprof+0x7a/0x6f0
[ 1615.014377][T22960] ? nci_allocate_device+0x105/0x410
[ 1615.014408][T22960] nci_allocate_device+0x105/0x410
[ 1615.014430][T22960] virtual_ncidev_open+0x6f/0x220
[ 1615.014456][T22960] ? __pfx_virtual_ncidev_open+0x10/0x10
[ 1615.014480][T22960] misc_open+0x26d/0x450
[ 1615.014500][T22960] ? __pfx_misc_open+0x10/0x10
[ 1615.014521][T22960] chrdev_open+0x234/0x6a0
[ 1615.014540][T22960] ? __pfx_apparmor_file_open+0x10/0x10
[ 1615.014570][T22960] ? __pfx_chrdev_open+0x10/0x10
[ 1615.014591][T22960] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[ 1615.014615][T22960] do_dentry_open+0x6d8/0x1660
[ 1615.014633][T22960] ? __pfx_chrdev_open+0x10/0x10
[ 1615.014657][T22960] vfs_open+0x82/0x3f0
[ 1615.014683][T22960] path_openat+0x208c/0x31a0
[ 1615.014709][T22960] ? __pfx_path_openat+0x10/0x10
[ 1615.014736][T22960] do_file_open+0x20e/0x430
[ 1615.014757][T22960] ? __pfx_do_file_open+0x10/0x10
[ 1615.014792][T22960] ? alloc_fd+0x476/0x790
[ 1615.014821][T22960] ? do_getname+0x191/0x390
[ 1615.014845][T22960] do_sys_openat2+0x10d/0x1e0
[ 1615.014869][T22960] ? __pfx_do_sys_openat2+0x10/0x10
[ 1615.014895][T22960] ? __fget_files+0x21f/0x3d0
[ 1615.014916][T22960] __x64_sys_openat+0x12d/0x210
[ 1615.014941][T22960] ? __pfx___x64_sys_openat+0x10/0x10
[ 1615.014975][T22960] do_syscall_64+0x106/0xf80
[ 1615.015001][T22960] ? clear_bhb_loop+0x40/0x90
[ 1615.015024][T22960] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1615.015043][T22960] RIP: 0033:0x7f3a40b9c799
[ 1615.015061][T22960] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1615.015079][T22960] RSP: 002b:00007f3a41a0b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1615.015098][T22960] RAX: ffffffffffffffda RBX: 00007f3a40e15fa0 RCX: 00007f3a40b9c799
[ 1615.015110][T22960] RDX: 0000000000000002 RSI: 0000200000000100 RDI: ffffffffffffff9c
[ 1615.015121][T22960] RBP: 00007f3a40c32c99 R08: 0000000000000000 R09: 0000000000000000
[ 1615.015132][T22960] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1615.015143][T22960] R13: 00007f3a40e16038 R14: 00007f3a40e15fa0 R15: 00007ffdaf7dd168
[ 1615.015166][T22960] </TASK>
[ 1626.361095][T23220] smpboot: Booting Node 0 Processor 1 APIC 0x1
[ 1626.403513][T23222] FAULT_INJECTION: forcing a failure.
[ 1626.403513][T23222] name failslab, interval 1, probability 0, space 0, times 0
[ 1626.517553][T23220] MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details.
[ 1626.534055][T23220] TAA CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html for more details.
[ 1626.595637][T23222] CPU: 1 UID: 0 PID: 23222 Comm: syz.2.19144 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1626.595727][T23222] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1626.595749][T23222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1626.595767][T23222] Call Trace:
[ 1626.595778][T23222] <TASK>
[ 1626.595791][T23222] dump_stack_lvl+0x100/0x190
[ 1626.595842][T23222] should_fail_ex.cold+0x5/0xa
[ 1626.595882][T23222] should_failslab+0xc2/0x120
[ 1626.595915][T23222] __kmalloc_cache_noprof+0x7a/0x6f0
[ 1626.595951][T23222] ? nci_allocate_device+0x105/0x410
[ 1626.595993][T23222] nci_allocate_device+0x105/0x410
[ 1626.596029][T23222] virtual_ncidev_open+0x6f/0x220
[ 1626.596070][T23222] ? __pfx_virtual_ncidev_open+0x10/0x10
[ 1626.596118][T23222] misc_open+0x26d/0x450
[ 1626.596153][T23222] ? __pfx_misc_open+0x10/0x10
[ 1626.596186][T23222] chrdev_open+0x234/0x6a0
[ 1626.596215][T23222] ? __pfx_apparmor_file_open+0x10/0x10
[ 1626.596260][T23222] ? __pfx_chrdev_open+0x10/0x10
[ 1626.596291][T23222] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[ 1626.596330][T23222] do_dentry_open+0x6d8/0x1660
[ 1626.596359][T23222] ? __pfx_chrdev_open+0x10/0x10
[ 1626.596397][T23222] vfs_open+0x82/0x3f0
[ 1626.596437][T23222] path_openat+0x208c/0x31a0
[ 1626.596480][T23222] ? __pfx_path_openat+0x10/0x10
[ 1626.596525][T23222] do_file_open+0x20e/0x430
[ 1626.596557][T23222] ? __pfx_do_file_open+0x10/0x10
[ 1626.596616][T23222] ? alloc_fd+0x476/0x790
[ 1626.596649][T23222] ? do_getname+0x191/0x390
[ 1626.596789][T23222] do_sys_openat2+0x10d/0x1e0
[ 1626.596828][T23222] ? __pfx_do_sys_openat2+0x10/0x10
[ 1626.596870][T23222] ? __fget_files+0x21f/0x3d0
[ 1626.596905][T23222] __x64_sys_openat+0x12d/0x210
[ 1626.596942][T23222] ? __pfx___x64_sys_openat+0x10/0x10
[ 1626.596995][T23222] do_syscall_64+0x106/0xf80
[ 1626.597035][T23222] ? clear_bhb_loop+0x40/0x90
[ 1626.597068][T23222] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1626.597098][T23222] RIP: 0033:0x7f183a19c799
[ 1626.597122][T23222] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1626.597152][T23222] RSP: 002b:00007f183afc0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1626.597183][T23222] RAX: ffffffffffffffda RBX: 00007f183a415fa0 RCX: 00007f183a19c799
[ 1626.597205][T23222] RDX: 0000000000000002 RSI: 0000200000000100 RDI: ffffffffffffff9c
[ 1626.597225][T23222] RBP: 00007f183a232c99 R08: 0000000000000000 R09: 0000000000000000
[ 1626.597244][T23222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1626.597262][T23222] R13: 00007f183a416038 R14: 00007f183a415fa0 R15: 00007ffed2142308
[ 1626.597307][T23222]
[ 1626.894426][T23220] MMIO Stale Data CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_stale_data.html for more details.
[ 1630.139239][T23271] Process accounting paused
[ 1630.486408][T23321] FAULT_INJECTION: forcing a failure.
[ 1630.486408][T23321] name failslab, interval 1, probability 0, space 0, times 0
[ 1630.582000][T23321] CPU: 1 UID: 0 PID: 23321 Comm: syz.2.19158 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1630.582075][T23321] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1630.582097][T23321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1630.582116][T23321] Call Trace:
[ 1630.582128][T23321]
[ 1630.582142][T23321] dump_stack_lvl+0x100/0x190
[ 1630.582197][T23321] should_fail_ex.cold+0x5/0xa
[ 1630.582235][T23321] should_failslab+0xc2/0x120
[ 1630.582270][T23321] __kmalloc_cache_noprof+0x7a/0x6f0
[ 1630.582310][T23321] ? nci_hci_allocate+0x45/0x330
[ 1630.582346][T23321] ? mutex_init_lockep+0x110/0x150
[ 1630.582389][T23321] nci_hci_allocate+0x45/0x330
[ 1630.582425][T23321] nci_allocate_device+0x26f/0x410
[ 1630.582457][T23321] virtual_ncidev_open+0x6f/0x220
[ 1630.582496][T23321] ? __pfx_virtual_ncidev_open+0x10/0x10
[ 1630.582532][T23321] misc_open+0x26d/0x450
[ 1630.582562][T23321] ? __pfx_misc_open+0x10/0x10
[ 1630.582590][T23321] chrdev_open+0x234/0x6a0
[ 1630.582617][T23321] ? __pfx_apparmor_file_open+0x10/0x10
[ 1630.582662][T23321] ? __pfx_chrdev_open+0x10/0x10
[ 1630.582692][T23321] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[ 1630.582730][T23321] do_dentry_open+0x6d8/0x1660
[ 1630.582758][T23321] ? __pfx_chrdev_open+0x10/0x10
[ 1630.582795][T23321] vfs_open+0x82/0x3f0
[ 1630.582832][T23321] path_openat+0x208c/0x31a0
[ 1630.582882][T23321] ? __pfx_path_openat+0x10/0x10
[ 1630.582930][T23321] do_file_open+0x20e/0x430
[ 1630.582966][T23321] ? __pfx_do_file_open+0x10/0x10
[ 1630.583035][T23321] ? alloc_fd+0x476/0x790
[ 1630.583073][T23321] ? do_getname+0x191/0x390
[ 1630.583118][T23321] do_sys_openat2+0x10d/0x1e0
[ 1630.583159][T23321] ? __pfx_do_sys_openat2+0x10/0x10
[ 1630.583214][T23321] __x64_sys_openat+0x12d/0x210
[ 1630.583257][T23321] ? __pfx___x64_sys_openat+0x10/0x10
[ 1630.583315][T23321] do_syscall_64+0x106/0xf80
[ 1630.583359][T23321] ? clear_bhb_loop+0x40/0x90
[ 1630.583397][T23321] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1630.583430][T23321] RIP: 0033:0x7f183a19c799
[ 1630.583460][T23321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1630.583490][T23321] RSP: 002b:00007f183afc0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1630.583522][T23321] RAX: ffffffffffffffda RBX: 00007f183a415fa0 RCX: 00007f183a19c799
[ 1630.583543][T23321] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c
[ 1630.583562][T23321] RBP: 00007f183a232c99 R08: 0000000000000000 R09: 0000000000000000
[ 1630.583579][T23321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1630.583598][T23321] R13: 00007f183a416038 R14: 00007f183a415fa0 R15: 00007ffed2142308
[ 1630.583639][T23321]
[ 1631.527696][T23350] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 1632.656561][T23387] FAULT_INJECTION: forcing a failure.
[ 1632.656561][T23387] name failslab, interval 1, probability 0, space 0, times 0
[ 1632.718027][T23387] CPU: 1 UID: 0 PID: 23387 Comm: syz.2.19164 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1632.718104][T23387] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1632.718125][T23387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1632.718144][T23387] Call Trace:
[ 1632.718154][T23387]
[ 1632.718168][T23387] dump_stack_lvl+0x100/0x190
[ 1632.718223][T23387] should_fail_ex.cold+0x5/0xa
[ 1632.718260][T23387] should_failslab+0xc2/0x120
[ 1632.718294][T23387] __kmalloc_cache_noprof+0x7a/0x6f0
[ 1632.718334][T23387] ? snd_seq_timer_new+0x44/0x1b0
[ 1632.718388][T23387] snd_seq_timer_new+0x44/0x1b0
[ 1632.718433][T23387] snd_seq_queue_alloc+0x177/0x590
[ 1632.718479][T23387] snd_seq_ioctl_create_queue+0xa9/0x370
[ 1632.718528][T23387] call_seq_client_ctl+0xa3/0x130
[ 1632.718579][T23387] snd_seq_kernel_client_ctl+0x77/0xd0
[ 1632.718630][T23387] alloc_seq_queue+0xdb/0x180
[ 1632.718662][T23387] ? __pfx_alloc_seq_queue+0x10/0x10
[ 1632.718717][T23387] ? mark_held_locks+0x40/0x70
[ 1632.718754][T23387] ? _raw_spin_unlock_irq+0x23/0x50
[ 1632.718794][T23387] ? lockdep_hardirqs_on+0x78/0x100
[ 1632.718843][T23387] snd_seq_oss_open+0x2b2/0xa10
[ 1632.718895][T23387] odev_open+0x79/0xc0
[ 1632.718923][T23387] ? __pfx_odev_open+0x10/0x10
[ 1632.718951][T23387] soundcore_open+0x2e3/0x5a0
[ 1632.718987][T23387] ? __pfx_soundcore_open+0x10/0x10
[ 1632.719018][T23387] chrdev_open+0x234/0x6a0
[ 1632.719056][T23387] ? __pfx_apparmor_file_open+0x10/0x10
[ 1632.719107][T23387] ? __pfx_chrdev_open+0x10/0x10
[ 1632.719142][T23387] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[ 1632.719187][T23387] do_dentry_open+0x6d8/0x1660
[ 1632.719218][T23387] ? __pfx_chrdev_open+0x10/0x10
[ 1632.719261][T23387] vfs_open+0x82/0x3f0
[ 1632.719304][T23387] path_openat+0x208c/0x31a0
[ 1632.719351][T23387] ? __pfx_path_openat+0x10/0x10
[ 1632.719400][T23387] do_file_open+0x20e/0x430
[ 1632.719436][T23387] ? __pfx_do_file_open+0x10/0x10
[ 1632.719500][T23387] ? alloc_fd+0x476/0x790
[ 1632.719533][T23387] ? do_getname+0x191/0x390
[ 1632.719576][T23387] do_sys_openat2+0x10d/0x1e0
[ 1632.719613][T23387] ? __pfx_do_sys_openat2+0x10/0x10
[ 1632.719657][T23387] ? __fget_files+0x21f/0x3d0
[ 1632.719695][T23387] __x64_sys_openat+0x12d/0x210
[ 1632.719737][T23387] ? __pfx___x64_sys_openat+0x10/0x10
[ 1632.719798][T23387] do_syscall_64+0x106/0xf80
[ 1632.719841][T23387] ? clear_bhb_loop+0x40/0x90
[ 1632.719891][T23387] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1632.719923][T23387] RIP: 0033:0x7f183a19c799
[ 1632.719952][T23387] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1632.719983][T23387] RSP: 002b:00007f183afc0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1632.720015][T23387] RAX: ffffffffffffffda RBX: 00007f183a415fa0 RCX: 00007f183a19c799
[ 1632.720037][T23387] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1632.720057][T23387] RBP: 00007f183a232c99 R08: 0000000000000000 R09: 0000000000000000
[ 1632.720076][T23387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1632.720094][T23387] R13: 00007f183a416038 R14: 00007f183a415fa0 R15: 00007ffed2142308
[ 1632.720137][T23387]
[ 1635.996599][T23457] netlink: 'syz.3.19174': attribute type 22 has an invalid length.
[ 1636.053531][T23457] netlink: 330 bytes leftover after parsing attributes in process `syz.3.19174'.
[ 1636.680165][ T29] audit: type=1800 audit(4294986429.786:63): pid=23470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.19180" name="dbroot" dev="configfs" ino=37857 res=0 errno=0
[ 1636.690910][T23470] db_root: cannot open: 0
[ 1638.960944][T23509] FAULT_INJECTION: forcing a failure.
[ 1638.960944][T23509] name failslab, interval 1, probability 0, space 0, times 0
[ 1639.011261][T23509] CPU: 1 UID: 0 PID: 23509 Comm: syz.0.19183 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1639.011334][T23509] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1639.011352][T23509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1639.011371][T23509] Call Trace:
[ 1639.011383][T23509]
[ 1639.011396][T23509] dump_stack_lvl+0x100/0x190
[ 1639.011461][T23509] should_fail_ex.cold+0x5/0xa
[ 1639.011498][T23509] should_failslab+0xc2/0x120
[ 1639.011540][T23509] __kmalloc_cache_noprof+0x7a/0x6f0
[ 1639.011583][T23509] ? snd_seq_timer_new+0x44/0x1b0
[ 1639.011635][T23509] snd_seq_timer_new+0x44/0x1b0
[ 1639.011680][T23509] snd_seq_queue_alloc+0x177/0x590
[ 1639.011726][T23509] snd_seq_ioctl_create_queue+0xa9/0x370
[ 1639.011775][T23509] call_seq_client_ctl+0xa3/0x130
[ 1639.011826][T23509] snd_seq_kernel_client_ctl+0x77/0xd0
[ 1639.011874][T23509] alloc_seq_queue+0xdb/0x180
[ 1639.011905][T23509] ? __pfx_alloc_seq_queue+0x10/0x10
[ 1639.011959][T23509] ? mark_held_locks+0x40/0x70
[ 1639.011996][T23509] ? _raw_spin_unlock_irq+0x23/0x50
[ 1639.012034][T23509] ? lockdep_hardirqs_on+0x78/0x100
[ 1639.012084][T23509] snd_seq_oss_open+0x2b2/0xa10
[ 1639.012126][T23509] odev_open+0x79/0xc0
[ 1639.012152][T23509] ? __pfx_odev_open+0x10/0x10
[ 1639.012181][T23509] soundcore_open+0x2e3/0x5a0
[ 1639.012216][T23509] ? __pfx_soundcore_open+0x10/0x10
[ 1639.012247][T23509] chrdev_open+0x234/0x6a0
[ 1639.012280][T23509] ? __pfx_apparmor_file_open+0x10/0x10
[ 1639.012345][T23509] ? __pfx_chrdev_open+0x10/0x10
[ 1639.012381][T23509] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[ 1639.012424][T23509] do_dentry_open+0x6d8/0x1660
[ 1639.012456][T23509] ? __pfx_chrdev_open+0x10/0x10
[ 1639.012498][T23509] vfs_open+0x82/0x3f0
[ 1639.012554][T23509] path_openat+0x208c/0x31a0
[ 1639.012602][T23509] ? __pfx_path_openat+0x10/0x10
[ 1639.012653][T23509] do_file_open+0x20e/0x430
[ 1639.012690][T23509] ? __pfx_do_file_open+0x10/0x10
[ 1639.012755][T23509] ? alloc_fd+0x476/0x790
[ 1639.012790][T23509] ? do_getname+0x191/0x390
[ 1639.012833][T23509] do_sys_openat2+0x10d/0x1e0
[ 1639.012889][T23509] ? __pfx_do_sys_openat2+0x10/0x10
[ 1639.012935][T23509] ? __fget_files+0x21f/0x3d0
[ 1639.012976][T23509] __x64_sys_openat+0x12d/0x210
[ 1639.013021][T23509] ? __pfx___x64_sys_openat+0x10/0x10
[ 1639.013080][T23509] do_syscall_64+0x106/0xf80
[ 1639.013122][T23509] ? clear_bhb_loop+0x40/0x90
[ 1639.013161][T23509] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1639.013195][T23509] RIP: 0033:0x7f3a40b9c799
[ 1639.013251][T23509] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1639.013284][T23509] RSP: 002b:00007f3a41a0b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1639.013315][T23509] RAX: ffffffffffffffda RBX: 00007f3a40e15fa0 RCX: 00007f3a40b9c799
[ 1639.013335][T23509] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1639.013355][T23509] RBP: 00007f3a40c32c99 R08: 0000000000000000 R09: 0000000000000000
[ 1639.013374][T23509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1639.013392][T23509] R13: 00007f3a40e16038 R14: 00007f3a40e15fa0 R15: 00007ffdaf7dd168
[ 1639.013435][T23509]
[ 1639.437426][T23515] netlink: 146 bytes leftover after parsing attributes in process `syz.1.19186'.
[ 1640.624394][T23538] netlink: 146 bytes leftover after parsing attributes in process `syz.1.19195'.
[ 1641.187268][T23549] netlink: 4 bytes leftover after parsing attributes in process `syz.1.19198'.
[ 1641.213472][T23549] netlink: 5 bytes leftover after parsing attributes in process `syz.1.19198'.
[ 1641.247359][T23549] netlink: 12 bytes leftover after parsing attributes in process `syz.1.19198'.
[ 1650.885278][T23719] netlink: 'syz.1.19239': attribute type 27 has an invalid length.
[ 1650.924322][T23719] netlink: 334 bytes leftover after parsing attributes in process `syz.1.19239'.
[ 1651.317948][T23727] netlink: 338 bytes leftover after parsing attributes in process `syz.3.19242'.
[ 1651.489102][T23731] netlink: 4 bytes leftover after parsing attributes in process `syz.0.19244'.
[ 1651.526645][T23731] netlink: 25 bytes leftover after parsing attributes in process `syz.0.19244'.
[ 1652.468848][T23755] netlink: 342 bytes leftover after parsing attributes in process `syz.1.19250'.
[ 1652.517038][T23755] netlink: 342 bytes leftover after parsing attributes in process `syz.1.19250'.
[ 1652.674428][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1652.791332][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1654.560078][T23801] netlink: 342 bytes leftover after parsing attributes in process `syz.1.19261'.
[ 1655.808440][T23849] netlink: 'syz.3.19269': attribute type 33 has an invalid length.
[ 1655.833744][T23849] netlink: 322 bytes leftover after parsing attributes in process `syz.3.19269'.
[ 1656.663727][T23892] netlink: 322 bytes leftover after parsing attributes in process `syz.2.19276'.
[ 1657.022635][T23897] netlink: 4 bytes leftover after parsing attributes in process `syz.0.19278'.
[ 1657.045255][T23900] netlink: 326 bytes leftover after parsing attributes in process `syz.2.19279'.
[ 1657.073176][T23897] netlink: 'syz.0.19278': attribute type 7 has an invalid length.
[ 1659.286727][T23977] netlink: 342 bytes leftover after parsing attributes in process `syz.1.19299'.
[ 1659.446358][T23978] FAULT_INJECTION: forcing a failure.
[ 1659.446358][T23978] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1659.498915][T23978] CPU: 1 UID: 0 PID: 23978 Comm: syz.3.19298 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1659.498990][T23978] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1659.499011][T23978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1659.499031][T23978] Call Trace:
[ 1659.499043][T23978]
[ 1659.499057][T23978] dump_stack_lvl+0x100/0x190
[ 1659.499112][T23978] should_fail_ex.cold+0x5/0xa
[ 1659.499143][T23978] ? page_copy_sane+0x17c/0x2d0
[ 1659.499181][T23978] copy_folio_from_iter_atomic+0x427/0x1e70
[ 1659.499228][T23978] ? rcu_is_watching+0x12/0xc0
[ 1659.499286][T23978] ? __pfx_copy_folio_from_iter_atomic+0x10/0x10
[ 1659.499336][T23978] ? shmem_write_begin+0x1ba/0x420
[ 1659.499386][T23978] ? __pfx_shmem_write_begin+0x10/0x10
[ 1659.499438][T23978] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170
[ 1659.499483][T23978] generic_perform_write+0x4cb/0xa40
[ 1659.499543][T23978] ? __pfx_generic_perform_write+0x10/0x10
[ 1659.499592][T23978] ? file_update_time_flags+0x373/0x500
[ 1659.499637][T23978] shmem_file_write_iter+0x10e/0x140
[ 1659.499677][T23978] vfs_write+0x6ac/0x1070
[ 1659.499708][T23978] ? __pfx_shmem_file_write_iter+0x10/0x10
[ 1659.499747][T23978] ? __pfx_vfs_write+0x10/0x10
[ 1659.499824][T23978] ksys_write+0x12a/0x250
[ 1659.499861][T23978] ? __pfx_ksys_write+0x10/0x10
[ 1659.499904][T23978] do_syscall_64+0x106/0xf80
[ 1659.499948][T23978] ? clear_bhb_loop+0x40/0x90
[ 1659.499987][T23978] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1659.500020][T23978] RIP: 0033:0x7fe5cf19c799
[ 1659.500049][T23978] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1659.500080][T23978] RSP: 002b:00007fe5d0030028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1659.500112][T23978] RAX: ffffffffffffffda RBX: 00007fe5cf416090 RCX: 00007fe5cf19c799
[ 1659.500134][T23978] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003
[ 1659.500152][T23978] RBP: 00007fe5cf232c99 R08: 0000000000000000 R09: 0000000000000000
[ 1659.500173][T23978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1659.500191][T23978] R13: 00007fe5cf416128 R14: 00007fe5cf416090 R15: 00007ffefc437498
[ 1659.500235][T23978]
[ 1660.232924][T23998] netlink: 'syz.3.19303': attribute type 4 has an invalid length.
[ 1660.258846][T23998] netlink: 314 bytes leftover after parsing attributes in process `syz.3.19303'.
[ 1660.371886][T23993] Process accounting resumed
[ 1661.164836][T24024] FAULT_INJECTION: forcing a failure.
[ 1661.164836][T24024] name failslab, interval 1, probability 0, space 0, times 0
[ 1661.174798][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 1661.184876][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[ 1661.247596][T24024] CPU: 1 UID: 0 PID: 24024 Comm: syz.3.19312 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1661.247671][T24024] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1661.247701][T24024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1661.247720][T24024] Call Trace:
[ 1661.247733][T24024]
[ 1661.247746][T24024] dump_stack_lvl+0x100/0x190
[ 1661.247799][T24024] should_fail_ex.cold+0x5/0xa
[ 1661.247837][T24024] should_failslab+0xc2/0x120
[ 1661.247871][T24024] __kmalloc_cache_noprof+0x7a/0x6f0
[ 1661.247911][T24024] ? kvm_init_irq_routing+0x43/0xf0
[ 1661.247974][T24024] kvm_init_irq_routing+0x43/0xf0
[ 1661.248021][T24024] kvm_dev_ioctl+0x7d4/0x1a50
[ 1661.248064][T24024] ? find_held_lock+0x2b/0x80
[ 1661.248092][T24024] ? __fget_files+0x215/0x3d0
[ 1661.248119][T24024] ? hook_file_ioctl_common+0x146/0x410
[ 1661.248155][T24024] ? __pfx_kvm_dev_ioctl+0x10/0x10
[ 1661.248194][T24024] ? __fget_files+0x21f/0x3d0
[ 1661.248241][T24024] ? __pfx_kvm_dev_ioctl+0x10/0x10
[ 1661.248280][T24024] __x64_sys_ioctl+0x18e/0x210
[ 1661.248328][T24024] do_syscall_64+0x106/0xf80
[ 1661.248372][T24024] ? clear_bhb_loop+0x40/0x90
[ 1661.248411][T24024] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1661.248443][T24024] RIP: 0033:0x7fe5cf19c799
[ 1661.248471][T24024] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1661.248501][T24024] RSP: 002b:00007fe5d0051028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1661.248532][T24024] RAX: ffffffffffffffda RBX: 00007fe5cf415fa0 RCX: 00007fe5cf19c799
[ 1661.248554][T24024] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000005
[ 1661.248573][T24024] RBP: 00007fe5cf232c99 R08: 0000000000000000 R09: 0000000000000000
[ 1661.248593][T24024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1661.248612][T24024] R13: 00007fe5cf416038 R14: 00007fe5cf415fa0 R15: 00007ffefc437498
[ 1661.248654][T24024]
[ 1662.222999][T24050] netlink: 342 bytes leftover after parsing attributes in process `syz.0.19323'.
[ 1662.253039][T24050] netlink: 342 bytes leftover after parsing attributes in process `syz.0.19323'.
[ 1663.038943][T24071] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[ 1663.822950][T24091] ovs_: entered promiscuous mode
[ 1664.651281][T24128] netlink: 330 bytes leftover after parsing attributes in process `syz.1.19341'.
[ 1664.715808][T24130] netlink: 330 bytes leftover after parsing attributes in process `syz.3.19342'.
[ 1664.868505][T24135] netlink: 'syz.1.19344': attribute type 19 has an invalid length.
[ 1664.889223][T24135] netlink: 334 bytes leftover after parsing attributes in process `syz.1.19344'.
[ 1666.884440][T24193] zswap: compressor not available
[ 1667.753104][T24229] netlink: 342 bytes leftover after parsing attributes in process `syz.3.19360'.
[ 1668.280859][T24265] netlink: 342 bytes leftover after parsing attributes in process `syz.0.19371'.
[ 1670.933901][T24326] FAULT_INJECTION: forcing a failure.
[ 1670.933901][T24326] name failslab, interval 1, probability 0, space 0, times 0
[ 1670.976350][T24326] CPU: 1 UID: 0 PID: 24326 Comm: syz.3.19384 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1670.976424][T24326] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1670.976444][T24326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1670.976464][T24326] Call Trace:
[ 1670.976475][T24326]
[ 1670.976487][T24326] dump_stack_lvl+0x100/0x190
[ 1670.976540][T24326] should_fail_ex.cold+0x5/0xa
[ 1670.976578][T24326] ? tomoyo_realpath_from_path+0xb6/0x690
[ 1670.976622][T24326] should_failslab+0xc2/0x120
[ 1670.976656][T24326] __kmalloc_noprof+0xe0/0x850
[ 1670.976713][T24326] tomoyo_realpath_from_path+0xb6/0x690
[ 1670.976765][T24326] tomoyo_check_open_permission+0x2af/0x3c0
[ 1670.976804][T24326] ? __pfx_tomoyo_check_open_permission+0x10/0x10
[ 1670.976883][T24326] ? do_raw_spin_lock+0x128/0x260
[ 1670.976932][T24326] ? path_get+0x61/0x80
[ 1670.976973][T24326] tomoyo_file_open+0x6b/0x90
[ 1670.977022][T24326] security_file_open+0xb5/0x1e0
[ 1670.977062][T24326] do_dentry_open+0x5aa/0x1660
[ 1670.977096][T24326] ? security_inode_permission+0xbf/0x250
[ 1670.977139][T24326] vfs_open+0x82/0x3f0
[ 1670.977193][T24326] path_openat+0x208c/0x31a0
[ 1670.977240][T24326] ? __pfx_path_openat+0x10/0x10
[ 1670.977296][T24326] do_file_open+0x20e/0x430
[ 1670.977333][T24326] ? __pfx_do_file_open+0x10/0x10
[ 1670.977399][T24326] ? alloc_fd+0x476/0x790
[ 1670.977433][T24326] ? do_getname+0x191/0x390
[ 1670.977474][T24326] do_sys_openat2+0x10d/0x1e0
[ 1670.977514][T24326] ? __pfx_do_sys_openat2+0x10/0x10
[ 1670.977571][T24326] __x64_sys_openat+0x12d/0x210
[ 1670.977613][T24326] ? __pfx___x64_sys_openat+0x10/0x10
[ 1670.977670][T24326] do_syscall_64+0x106/0xf80
[ 1670.977714][T24326] ? clear_bhb_loop+0x40/0x90
[ 1670.977753][T24326] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1670.977785][T24326] RIP: 0033:0x7fe5cf19c799
[ 1670.977812][T24326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1670.977841][T24326] RSP: 002b:00007fe5d0051028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1670.977871][T24326] RAX: ffffffffffffffda RBX: 00007fe5cf415fa0 RCX: 00007fe5cf19c799
[ 1670.977892][T24326] RDX: 0000000000002400 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 1670.977911][T24326] RBP: 00007fe5cf232c99 R08: 0000000000000000 R09: 0000000000000000
[ 1670.977930][T24326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1670.977948][T24326] R13: 00007fe5cf416038 R14: 00007fe5cf415fa0 R15: 00007ffefc437498
[ 1670.977988][T24326]
[ 1671.126195][T24326] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1671.584857][T24340] netlink: 4 bytes leftover after parsing attributes in process `syz.3.19387'.
[ 1671.647155][T24340] netlink: 13 bytes leftover after parsing attributes in process `syz.3.19387'.
[ 1671.674150][T24340] netlink: 8 bytes leftover after parsing attributes in process `syz.3.19387'.
[ 1673.846039][T24401] netlink: 342 bytes leftover after parsing attributes in process `syz.0.19410'.
[ 1675.417687][T24452] netlink: 'syz.0.19426': attribute type 4 has an invalid length.
[ 1676.527396][T24496] FAULT_INJECTION: forcing a failure.
[ 1676.527396][T24496] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1676.604315][T24496] CPU: 1 UID: 0 PID: 24496 Comm: syz.2.19424 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1676.604388][T24496] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1676.604408][T24496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1676.604427][T24496] Call Trace:
[ 1676.604439][T24496]
[ 1676.604452][T24496] dump_stack_lvl+0x100/0x190
[ 1676.604507][T24496] should_fail_ex.cold+0x5/0xa
[ 1676.604535][T24496] ? page_copy_sane+0x17c/0x2d0
[ 1676.604569][T24496] copy_folio_from_iter_atomic+0x427/0x1e70
[ 1676.604611][T24496] ? rcu_is_watching+0x12/0xc0
[ 1676.604670][T24496] ? __pfx_copy_folio_from_iter_atomic+0x10/0x10
[ 1676.604710][T24496] ? shmem_write_begin+0x1ba/0x420
[ 1676.604764][T24496] ? __pfx_shmem_write_begin+0x10/0x10
[ 1676.604817][T24496] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170
[ 1676.604862][T24496] generic_perform_write+0x4cb/0xa40
[ 1676.604919][T24496] ? __pfx_generic_perform_write+0x10/0x10
[ 1676.604972][T24496] ? file_update_time_flags+0x373/0x500
[ 1676.605018][T24496] shmem_file_write_iter+0x10e/0x140
[ 1676.605054][T24496] vfs_write+0x6ac/0x1070
[ 1676.605093][T24496] ? __pfx_shmem_file_write_iter+0x10/0x10
[ 1676.605132][T24496] ? __pfx_vfs_write+0x10/0x10
[ 1676.605210][T24496] ksys_write+0x12a/0x250
[ 1676.605239][T24496] ? __pfx_ksys_write+0x10/0x10
[ 1676.605276][T24496] do_syscall_64+0x106/0xf80
[ 1676.605319][T24496] ? clear_bhb_loop+0x40/0x90
[ 1676.605358][T24496] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1676.605392][T24496] RIP: 0033:0x7f183a19c799
[ 1676.605420][T24496] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1676.605448][T24496] RSP: 002b:00007f183af9f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1676.605477][T24496] RAX: ffffffffffffffda RBX: 00007f183a416090 RCX: 00007f183a19c799
[ 1676.605497][T24496] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003
[ 1676.605515][T24496] RBP: 00007f183a232c99 R08: 0000000000000000 R09: 0000000000000000
[ 1676.605534][T24496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1676.605551][T24496] R13: 00007f183a416128 R14: 00007f183a416090 R15: 00007ffed2142308
[ 1676.605593][T24496]
[ 1677.639454][T24527] netlink: 334 bytes leftover after parsing attributes in process `syz.0.19431'.
[ 1678.974907][T24562] netlink: 342 bytes leftover after parsing attributes in process `syz.0.19440'.
[ 1681.352608][T24595] netlink: 346 bytes leftover after parsing attributes in process `syz.0.19454'.
[ 1681.487119][T24601] netlink: 74 bytes leftover after parsing attributes in process `syz.1.19456'.
[ 1682.154257][T24614] netlink: 8 bytes leftover after parsing attributes in process `syz.1.19460'.
[ 1682.187308][T24613] netlink: 342 bytes leftover after parsing attributes in process `syz.3.19461'.
[ 1682.597964][T24619] netlink: 334 bytes leftover after parsing attributes in process `syz.0.19463'.
[ 1683.215524][T24632] MTRR 2 not used
[ 1683.518307][T24643] netlink: 342 bytes leftover after parsing attributes in process `syz.3.19473'.
[ 1684.546655][T22763] block nbd2: Receive control failed (result -32)
[ 1685.060853][T24703] FAULT_INJECTION: forcing a failure.
[ 1685.060853][T24703] name failslab, interval 1, probability 0, space 0, times 0
[ 1685.073724][T24703] CPU: 1 UID: 0 PID: 24703 Comm: syz.2.19488 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1685.073794][T24703] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1685.073813][T24703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1685.073832][T24703] Call Trace:
[ 1685.073843][T24703]
[ 1685.073855][T24703] dump_stack_lvl+0x100/0x190
[ 1685.073903][T24703] should_fail_ex.cold+0x5/0xa
[ 1685.073938][T24703] should_failslab+0xc2/0x120
[ 1685.073970][T24703] __kmalloc_cache_noprof+0x7a/0x6f0
[ 1685.074007][T24703] ? snd_pcm_oss_change_params_locked+0x1db/0x39f0
[ 1685.074051][T24703] snd_pcm_oss_change_params_locked+0x1db/0x39f0
[ 1685.074094][T24703] ? __mutex_lock+0x26a/0x1b90
[ 1685.074138][T24703] ? snd_pcm_oss_sync+0x243/0x840
[ 1685.074169][T24703] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[ 1685.074208][T24703] ? __pfx___mutex_lock+0x10/0x10
[ 1685.074261][T24703] ? __fsnotify_parent+0x2b4/0xca0
[ 1685.074303][T24703] snd_pcm_oss_make_ready_locked+0xb7/0x130
[ 1685.074342][T24703] snd_pcm_oss_sync+0x265/0x840
[ 1685.074383][T24703] snd_pcm_oss_release+0x238/0x300
[ 1685.074417][T24703] ? __pfx_snd_pcm_oss_release+0x10/0x10
[ 1685.074449][T24703] __fput+0x3ff/0xb40
[ 1685.074493][T24703] task_work_run+0x150/0x240
[ 1685.074540][T24703] ? __pfx_task_work_run+0x10/0x10
[ 1685.074597][T24703] exit_to_user_mode_loop+0x100/0x4a0
[ 1685.074644][T24703] do_syscall_64+0x668/0xf80
[ 1685.074687][T24703] ? clear_bhb_loop+0x40/0x90
[ 1685.074726][T24703] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1685.074760][T24703] RIP: 0033:0x7f183a19c799
[ 1685.074786][T24703] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1685.074813][T24703] RSP: 002b:00007f183afc0028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 1685.074843][T24703] RAX: 0000000000000000 RBX: 00007f183a415fa0 RCX: 00007f183a19c799
[ 1685.074861][T24703] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002
[ 1685.074877][T24703] RBP: 00007f183a232c99 R08: 0000000000000000 R09: 0000000000000000
[ 1685.074893][T24703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1685.074911][T24703] R13: 00007f183a416038 R14: 00007f183a415fa0 R15: 00007ffed2142308
[ 1685.074949][T24703]
[ 1686.117620][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[ 1686.315920][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[ 1686.325952][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[ 1686.334565][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[ 1686.375261][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[ 1686.679336][T24734] ERROR: Out of memory at tomoyo_memory_ok.
[ 1686.911186][T24745] netlink: 322 bytes leftover after parsing attributes in process `syz.0.19500'.
[ 1687.214482][T24766] netlink: 342 bytes leftover after parsing attributes in process `syz.0.19501'.
[ 1687.794918][T24790] netlink: 198 bytes leftover after parsing attributes in process `syz.0.19502'.
[ 1688.059080][T24800] netlink: 342 bytes leftover after parsing attributes in process `syz.0.19507'.
[ 1688.595463][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[ 1688.604164][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[ 1688.665800][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[ 1688.674536][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[ 1688.683314][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[ 1688.697278][T24814] netlink: 8 bytes leftover after parsing attributes in process `syz.0.19509'.
[ 1689.188811][T24823] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[ 1689.348241][T24827] netlink: 334 bytes leftover after parsing attributes in process `syz.0.19514'.
[ 1690.535620][T24847] Process accounting paused
[ 1693.162880][T24905] netlink: 8 bytes leftover after parsing attributes in process `syz.2.19533'.
[ 1693.453485][T24910] netlink: 338 bytes leftover after parsing attributes in process `syz.0.19535'.
[ 1694.433512][T24920] netlink: 'syz.0.19538': attribute type 4 has an invalid length.
[ 1694.453478][T24920] netlink: 'syz.0.19538': attribute type 4 has an invalid length.
[ 1695.454234][T24935] netlink: 342 bytes leftover after parsing attributes in process `syz.1.19546'.
[ 1695.502573][T24939] netlink: 'syz.2.19545': attribute type 4 has an invalid length.
[ 1695.560130][T24941] FAULT_INJECTION: forcing a failure.
[ 1695.560130][T24941] name failslab, interval 1, probability 0, space 0, times 0
[ 1695.636951][T24941] CPU: 1 UID: 0 PID: 24941 Comm: syz.0.19547 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1695.637026][T24941] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1695.637047][T24941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1695.637066][T24941] Call Trace:
[ 1695.637077][T24941]
[ 1695.637090][T24941] dump_stack_lvl+0x100/0x190
[ 1695.637143][T24941] should_fail_ex.cold+0x5/0xa
[ 1695.637180][T24941] should_failslab+0xc2/0x120
[ 1695.637215][T24941] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 1695.637260][T24941] ? security_inode_alloc+0x3b/0x2c0
[ 1695.637292][T24941] ? lockdep_init_map_type+0x5c/0x250
[ 1695.637337][T24941] security_inode_alloc+0x3b/0x2c0
[ 1695.637372][T24941] inode_init_always_gfp+0xced/0x1040
[ 1695.637411][T24941] alloc_inode+0x8e/0x250
[ 1695.637452][T24941] new_inode+0x22/0x1c0
[ 1695.637497][T24941] shmem_get_inode+0x212/0x1040
[ 1695.637542][T24941] ? __pfx_shmem_get_inode+0x10/0x10
[ 1695.637582][T24941] ? rcu_is_watching+0x12/0xc0
[ 1695.637626][T24941] ? percpu_counter_add_batch+0xb9/0x230
[ 1695.637674][T24941] __shmem_file_setup+0x3ac/0x490
[ 1695.637720][T24941] ? __pfx___shmem_file_setup+0x10/0x10
[ 1695.637771][T24941] ? vm_area_alloc+0x1f/0x160
[ 1695.637818][T24941] shmem_zero_setup+0x96/0x1b0
[ 1695.637869][T24941] __mmap_region+0x2198/0x29e0
[ 1695.637931][T24941] ? __pfx___mmap_region+0x10/0x10
[ 1695.637988][T24941] ? set_next_entity+0x11e/0x9c0
[ 1695.638041][T24941] ? __lock_acquire+0x4a5/0x2630
[ 1695.638081][T24941] ? find_held_lock+0x2b/0x80
[ 1695.638128][T24941] ? find_held_lock+0x2b/0x80
[ 1695.638157][T24941] ? finish_task_switch.isra.0+0x200/0xb80
[ 1695.638192][T24941] ? finish_task_switch.isra.0+0x200/0xb80
[ 1695.638244][T24941] ? trace_sched_exit_tp+0x13a/0x180
[ 1695.638282][T24941] ? __schedule+0x1000/0x6120
[ 1695.638375][T24941] ? rcu_is_watching+0x12/0xc0
[ 1695.638425][T24941] ? cap_capable+0x107/0x460
[ 1695.638480][T24941] mmap_region+0x180/0x3e0
[ 1695.638536][T24941] do_mmap+0xc63/0x12f0
[ 1695.638579][T24941] ? __pfx_do_mmap+0x10/0x10
[ 1695.638612][T24941] ? __pfx_down_write_killable+0x10/0x10
[ 1695.638669][T24941] vm_mmap_pgoff+0x29e/0x470
[ 1695.638713][T24941] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 1695.638751][T24941] ? do_futex+0x192/0x350
[ 1695.638794][T24941] ? __pfx_do_futex+0x10/0x10
[ 1695.638841][T24941] ksys_mmap_pgoff+0xe1/0x650
[ 1695.638876][T24941] ? __x64_sys_futex+0x34f/0x4d0
[ 1695.638924][T24941] ? __x64_sys_futex+0x358/0x4d0
[ 1695.638966][T24941] ? __pfx_ksys_mmap_pgoff+0x10/0x10
[ 1695.638999][T24941] ? xfd_validate_state+0x129/0x190
[ 1695.639052][T24941] __x64_sys_mmap+0x125/0x190
[ 1695.639104][T24941] do_syscall_64+0x106/0xf80
[ 1695.639146][T24941] ? clear_bhb_loop+0x40/0x90
[ 1695.639183][T24941] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1695.639217][T24941] RIP: 0033:0x7f3a40b9c799
[ 1695.639246][T24941] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1695.639276][T24941] RSP: 002b:00007f3a41a0b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1695.639308][T24941] RAX: ffffffffffffffda RBX: 00007f3a40e15fa0 RCX: 00007f3a40b9c799
[ 1695.639330][T24941] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000
[ 1695.639350][T24941] RBP: 00007f3a40c32c99 R08: fffffffffffffffa R09: 0000000000008000
[ 1695.639371][T24941] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000
[ 1695.639390][T24941] R13: 00007f3a40e16038 R14: 00007f3a40e15fa0 R15: 00007ffdaf7dd168
[ 1695.639435][T24941]
[ 1700.325494][T25042] FAULT_INJECTION: forcing a failure.
[ 1700.325494][T25042] name failslab, interval 1, probability 0, space 0, times 0
[ 1700.438534][T25042] CPU: 1 UID: 0 PID: 25042 Comm: syz.2.19560 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1700.438609][T25042] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1700.438630][T25042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1700.438650][T25042] Call Trace:
[ 1700.438661][T25042]
[ 1700.438675][T25042] dump_stack_lvl+0x100/0x190
[ 1700.438728][T25042] should_fail_ex.cold+0x5/0xa
[ 1700.438765][T25042] ? __register_sysctl_table+0xac/0x1650
[ 1700.438825][T25042] should_failslab+0xc2/0x120
[ 1700.438859][T25042] __kmalloc_noprof+0xe0/0x850
[ 1700.438917][T25042] __register_sysctl_table+0xac/0x1650
[ 1700.438969][T25042] ? is_module_address+0x5f/0xf0
[ 1700.439018][T25042] ? __pfx___register_sysctl_table+0x10/0x10
[ 1700.439068][T25042] ? is_module_address+0x69/0xf0
[ 1700.439107][T25042] ? register_net_sysctl_sz+0x222/0x430
[ 1700.439166][T25042] __devinet_sysctl_register+0x1b9/0x360
[ 1700.439216][T25042] ? trace_kmalloc+0x101/0x130
[ 1700.439247][T25042] ? __pfx___devinet_sysctl_register+0x10/0x10
[ 1700.439303][T25042] ? __asan_memcpy+0x3c/0x60
[ 1700.439348][T25042] devinet_init_net+0x334/0x8d0
[ 1700.439398][T25042] ? __pfx_devinet_init_net+0x10/0x10
[ 1700.439444][T25042] ops_init+0x1e2/0x5f0
[ 1700.439493][T25042] setup_net+0x118/0x3a0
[ 1700.439538][T25042] ? __pfx_setup_net+0x10/0x10
[ 1700.439585][T25042] ? lockdep_init_map_type+0x5c/0x250
[ 1700.439625][T25042] ? mutex_init_lockep+0x110/0x150
[ 1700.439671][T25042] copy_net_ns+0x46f/0x7c0
[ 1700.439702][T25042] create_new_namespaces+0x3ea/0xac0
[ 1700.439743][T25042] unshare_nsproxy_namespaces+0xc3/0x1f0
[ 1700.439779][T25042] ksys_unshare+0x473/0xad0
[ 1700.439826][T25042] ? __pfx_ksys_unshare+0x10/0x10
[ 1700.439879][T25042] __x64_sys_unshare+0x31/0x40
[ 1700.439918][T25042] do_syscall_64+0x106/0xf80
[ 1700.439963][T25042] ? clear_bhb_loop+0x40/0x90
[ 1700.440005][T25042] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1700.440039][T25042] RIP: 0033:0x7f183a19c799
[ 1700.440066][T25042] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1700.440097][T25042] RSP: 002b:00007f183afc0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 1700.440128][T25042] RAX: ffffffffffffffda RBX: 00007f183a415fa0 RCX: 00007f183a19c799
[ 1700.440149][T25042] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[ 1700.440169][T25042] RBP: 00007f183a232c99 R08: 0000000000000000 R09: 0000000000000000
[ 1700.440188][T25042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1700.440207][T25042] R13: 00007f183a416038 R14: 00007f183a415fa0 R15: 00007ffed2142308
[ 1700.440251][T25042]
[ 1702.104407][T25093] netlink: 342 bytes leftover after parsing attributes in process `syz.1.19571'.
[ 1702.723851][T25107] FAULT_INJECTION: forcing a failure.
[ 1702.723851][T25107] name failslab, interval 1, probability 0, space 0, times 0
[ 1702.769782][T25107] CPU: 1 UID: 0 PID: 25107 Comm: syz.0.19577 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1702.769848][T25107] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1702.769869][T25107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1702.769887][T25107] Call Trace:
[ 1702.769898][T25107]
[ 1702.769911][T25107] dump_stack_lvl+0x100/0x190
[ 1702.769963][T25107] should_fail_ex.cold+0x5/0xa
[ 1702.769999][T25107] should_failslab+0xc2/0x120
[ 1702.770045][T25107] __kmalloc_cache_noprof+0x7a/0x6f0
[ 1702.770087][T25107] ? snd_card_file_add+0x52/0x340
[ 1702.770130][T25107] snd_card_file_add+0x52/0x340
[ 1702.770172][T25107] snd_pcm_oss_open+0x1c2/0x1390
[ 1702.770208][T25107] ? kasan_quarantine_put+0x104/0x240
[ 1702.770254][T25107] ? lockdep_hardirqs_on+0x78/0x100
[ 1702.770299][T25107] ? find_held_lock+0x2b/0x80
[ 1702.770330][T25107] ? tomoyo_check_open_permission+0x1db/0x3c0
[ 1702.770370][T25107] ? __pfx_snd_pcm_oss_open+0x10/0x10
[ 1702.770405][T25107] ? __lock_acquire+0x4a5/0x2630
[ 1702.770449][T25107] ? __lock_acquire+0x4a5/0x2630
[ 1702.770498][T25107] ? do_raw_spin_lock+0x128/0x260
[ 1702.770545][T25107] ? soundcore_open+0x231/0x5a0
[ 1702.770581][T25107] ? __pfx_snd_pcm_oss_open+0x10/0x10
[ 1702.770619][T25107] soundcore_open+0x2e3/0x5a0
[ 1702.770652][T25107] ? __pfx_soundcore_open+0x10/0x10
[ 1702.770682][T25107] chrdev_open+0x234/0x6a0
[ 1702.770715][T25107] ? __pfx_apparmor_file_open+0x10/0x10
[ 1702.770763][T25107] ? __pfx_chrdev_open+0x10/0x10
[ 1702.770797][T25107] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[ 1702.770840][T25107] do_dentry_open+0x6d8/0x1660
[ 1702.770870][T25107] ? __pfx_chrdev_open+0x10/0x10
[ 1702.770913][T25107] vfs_open+0x82/0x3f0
[ 1702.770958][T25107] path_openat+0x208c/0x31a0
[ 1702.771005][T25107] ? __pfx_path_openat+0x10/0x10
[ 1702.771064][T25107] do_file_open+0x20e/0x430
[ 1702.771099][T25107] ? __pfx_do_file_open+0x10/0x10
[ 1702.771162][T25107] ? alloc_fd+0x476/0x790
[ 1702.771197][T25107] ? do_getname+0x191/0x390
[ 1702.771241][T25107] do_sys_openat2+0x10d/0x1e0
[ 1702.771284][T25107] ? __pfx_do_sys_openat2+0x10/0x10
[ 1702.771330][T25107] ? __x64_sys_close_range+0x2d9/0x5d0
[ 1702.771375][T25107] __x64_sys_openat+0x12d/0x210
[ 1702.771418][T25107] ? __pfx___x64_sys_openat+0x10/0x10
[ 1702.771474][T25107] do_syscall_64+0x106/0xf80
[ 1702.771519][T25107] ? clear_bhb_loop+0x40/0x90
[ 1702.771559][T25107] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1702.771590][T25107] RIP: 0033:0x7f3a40b9c799
[ 1702.771617][T25107] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1702.771647][T25107] RSP: 002b:00007f3a41a0b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1702.771676][T25107] RAX: ffffffffffffffda RBX: 00007f3a40e15fa0 RCX: 00007f3a40b9c799
[ 1702.771696][T25107] RDX: 0000000000020342 RSI: 0000200000000100 RDI: ffffffffffffff9c
[ 1702.771715][T25107] RBP: 00007f3a40c32c99 R08: 0000000000000000 R09: 0000000000000000
[ 1702.771734][T25107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1702.771752][T25107] R13: 00007f3a40e16038 R14: 00007f3a40e15fa0 R15: 00007ffdaf7dd168
[ 1702.771791][T25107]
[ 1703.252938][T25110] ERROR: Out of memory at tomoyo_memory_ok.
[ 1703.439737][T25113] netlink: 350 bytes leftover after parsing attributes in process `syz.1.19581'.
[ 1704.029837][T25130] FAULT_INJECTION: forcing a failure.
[ 1704.029837][T25130] name failslab, interval 1, probability 0, space 0, times 0
[ 1704.079595][T25130] CPU: 1 UID: 0 PID: 25130 Comm: syz.0.19586 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1704.079670][T25130] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1704.079693][T25130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1704.079712][T25130] Call Trace:
[ 1704.079723][T25130]
[ 1704.079734][T25130] dump_stack_lvl+0x100/0x190
[ 1704.079784][T25130] should_fail_ex.cold+0x5/0xa
[ 1704.079821][T25130] ? constrain_params_by_rules+0x175/0xcc0
[ 1704.079861][T25130] should_failslab+0xc2/0x120
[ 1704.079896][T25130] __kmalloc_noprof+0xe0/0x850
[ 1704.079951][T25130] constrain_params_by_rules+0x175/0xcc0
[ 1704.080002][T25130] ? arch_stack_walk+0xa6/0xf0
[ 1704.080051][T25130] ? __pfx_constrain_params_by_rules+0x10/0x10
[ 1704.080093][T25130] ? stack_trace_save+0x8e/0xc0
[ 1704.080132][T25130] ? kfree+0x1f6/0x6b0
[ 1704.080167][T25130] ? snd_pcm_hw_param_near.constprop.0+0x573/0x850
[ 1704.080215][T25130] ? snd_pcm_oss_make_ready_locked+0xb7/0x130
[ 1704.080250][T25130] ? snd_pcm_oss_read+0x3d4/0x730
[ 1704.080283][T25130] ? vfs_read+0x1e4/0xb30
[ 1704.080326][T25130] ? ksys_read+0x12a/0x250
[ 1704.080352][T25130] ? do_syscall_64+0x106/0xf80
[ 1704.080392][T25130] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1704.080424][T25130] ? snd_interval_refine+0x2d0/0x580
[ 1704.080474][T25130] snd_pcm_hw_refine+0x7e7/0xad0
[ 1704.080523][T25130] ? __pfx_snd_pcm_hw_refine+0x10/0x10
[ 1704.080597][T25130] snd_pcm_hw_param_last+0x2b2/0x660
[ 1704.080643][T25130] snd_pcm_hw_param_near.constprop.0+0x546/0x850
[ 1704.080688][T25130] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10
[ 1704.080728][T25130] ? calc_src_frames.isra.0+0x17c/0x1c0
[ 1704.080774][T25130] snd_pcm_oss_change_params_locked+0x193a/0x39f0
[ 1704.080829][T25130] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[ 1704.080900][T25130] snd_pcm_oss_make_ready_locked+0xb7/0x130
[ 1704.080941][T25130] snd_pcm_oss_read+0x3d4/0x730
[ 1704.080995][T25130] ? __pfx_snd_pcm_oss_read+0x10/0x10
[ 1704.081035][T25130] vfs_read+0x1e4/0xb30
[ 1704.081089][T25130] ? __pfx_vfs_read+0x10/0x10
[ 1704.081136][T25130] ? find_held_lock+0x2b/0x80
[ 1704.081165][T25130] ? __fget_files+0x215/0x3d0
[ 1704.081194][T25130] ? __fget_files+0x215/0x3d0
[ 1704.081230][T25130] ? __fget_files+0x21f/0x3d0
[ 1704.081273][T25130] ksys_read+0x12a/0x250
[ 1704.081301][T25130] ? __pfx_ksys_read+0x10/0x10
[ 1704.081342][T25130] do_syscall_64+0x106/0xf80
[ 1704.081385][T25130] ? clear_bhb_loop+0x40/0x90
[ 1704.081424][T25130] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1704.081459][T25130] RIP: 0033:0x7f3a40b9c799
[ 1704.081487][T25130] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1704.081518][T25130] RSP: 002b:00007f3a41a0b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1704.081550][T25130] RAX: ffffffffffffffda RBX: 00007f3a40e15fa0 RCX: 00007f3a40b9c799
[ 1704.081572][T25130] RDX: 0000000000008080 RSI: 0000000000000000 RDI: 0000000000000003
[ 1704.081593][T25130] RBP: 00007f3a40c32c99 R08: 0000000000000000 R09: 0000000000000000
[ 1704.081613][T25130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1704.081633][T25130] R13: 00007f3a40e16038 R14: 00007f3a40e15fa0 R15: 00007ffdaf7dd168
[ 1704.081677][T25130]
[ 1704.971371][T25135] netlink: 330 bytes leftover after parsing attributes in process `syz.0.19589'.
[ 1705.357297][T25143] netlink: 146 bytes leftover after parsing attributes in process `syz.2.19592'.
[ 1705.542231][T25157] netlink: 342 bytes leftover after parsing attributes in process `syz.3.19597'.
[ 1705.553136][T25158] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1706.214083][T25178] netlink: 4 bytes leftover after parsing attributes in process `syz.1.19607'.
[ 1706.251984][T25178] netlink: 13 bytes leftover after parsing attributes in process `syz.1.19607'.
[ 1706.480679][T25183] netlink: 'syz.3.19609': attribute type 1 has an invalid length.
[ 1706.488599][T25183] netlink: 318 bytes leftover after parsing attributes in process `syz.3.19609'.
[ 1707.881073][T25219] Console: switching to colour VGA+ 80x25
[ 1707.939504][T25219] ==================================================================
[ 1707.939530][T25219] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60
[ 1707.939574][T25219] Read of size 26 at addr ffff88802c863dea by task syz.3.19625/25219
[ 1707.939602][T25219]
[ 1707.939623][T25219] CPU: 1 UID: 0 PID: 25219 Comm: syz.3.19625 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1707.939687][T25219] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1707.939717][T25219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1707.939737][T25219] Call Trace:
[ 1707.939748][T25219]
[ 1707.939761][T25219] dump_stack_lvl+0x100/0x190
[ 1707.939811][T25219] print_report+0x156/0x4c9
[ 1707.939855][T25219] ? __virt_addr_valid+0x81/0x620
[ 1707.939894][T25219] ? __phys_addr+0xe8/0x180
[ 1707.939933][T25219] ? fbcon_prepare_logo+0x94e/0xc60
[ 1707.939962][T25219] kasan_report+0xdf/0x1e0
[ 1707.939995][T25219] ? fbcon_prepare_logo+0x94e/0xc60
[ 1707.940033][T25219] kasan_check_range+0x10f/0x1e0
[ 1707.940071][T25219] __asan_memcpy+0x23/0x60
[ 1707.940113][T25219] fbcon_prepare_logo+0x94e/0xc60
[ 1707.940153][T25219] fbcon_init+0x10a0/0x1820
[ 1707.940190][T25219] visual_init+0x320/0x620
[ 1707.940226][T25219] do_bind_con_driver.isra.0+0x636/0x9c0
[ 1707.940274][T25219] store_bind+0x609/0x730
[ 1707.940317][T25219] ? __pfx_store_bind+0x10/0x10
[ 1707.940355][T25219] dev_attr_store+0x58/0x80
[ 1707.940388][T25219] ? __pfx_dev_attr_store+0x10/0x10
[ 1707.940422][T25219] sysfs_kf_write+0xf2/0x150
[ 1707.940461][T25219] kernfs_fop_write_iter+0x3e0/0x5f0
[ 1707.940492][T25219] ? __pfx_sysfs_kf_write+0x10/0x10
[ 1707.940530][T25219] vfs_write+0x6ac/0x1070
[ 1707.940558][T25219] ? __pfx_kernfs_fop_write_iter+0x10/0x10
[ 1707.940593][T25219] ? __pfx_vfs_write+0x10/0x10
[ 1707.940652][T25219] ksys_write+0x12a/0x250
[ 1707.940680][T25219] ? __pfx_ksys_write+0x10/0x10
[ 1707.940722][T25219] do_syscall_64+0x106/0xf80
[ 1707.940763][T25219] ? clear_bhb_loop+0x40/0x90
[ 1707.940798][T25219] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1707.940830][T25219] RIP: 0033:0x7fe5cf19c799
[ 1707.940855][T25219] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1707.940884][T25219] RSP: 002b:00007fe5d0051028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1707.940916][T25219] RAX: ffffffffffffffda RBX: 00007fe5cf415fa0 RCX: 00007fe5cf19c799
[ 1707.940938][T25219] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003
[ 1707.940958][T25219] RBP: 00007fe5cf232c99 R08: 0000000000000000 R09: 0000000000000000
[ 1707.940977][T25219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1707.940996][T25219] R13: 00007fe5cf416038 R14: 00007fe5cf415fa0 R15: 00007ffefc437498
[ 1707.941026][T25219]
[ 1707.941038][T25219]
[ 1707.941047][T25219] Allocated by task 18220:
[ 1707.941064][T25219] kasan_save_stack+0x30/0x50
[ 1707.941109][T25219] kasan_save_track+0x14/0x30
[ 1707.941152][T25219] __kasan_kmalloc+0xaa/0xb0
[ 1707.941193][T25219] __kmalloc_node_noprof+0x307/0x850
[ 1707.941237][T25219] alloc_slab_obj_exts+0xae/0x260
[ 1707.941268][T25219] __memcg_slab_post_alloc_hook+0x246/0x990
[ 1707.941301][T25219] kmem_cache_alloc_noprof+0x58a/0x6e0
[ 1707.941342][T25219] alloc_buffer_head+0x21/0x140
[ 1707.941373][T25219] folio_alloc_buffers+0x2a0/0x8f0
[ 1707.941409][T25219] create_empty_buffers+0x3a/0x660
[ 1707.941446][T25219] folio_create_buffers+0x13b/0x1a0
[ 1707.941484][T25219] __block_write_full_folio+0xed/0xee0
[ 1707.941521][T25219] block_write_full_folio+0x3b5/0x4e0
[ 1707.941561][T25219] blkdev_writepages+0xc7/0x150
[ 1707.941598][T25219] do_writepages+0x278/0x600
[ 1707.941631][T25219] __writeback_single_inode+0x164/0x13c0
[ 1707.941676][T25219] writeback_sb_inodes+0x766/0x1c70
[ 1707.941727][T25219] __writeback_inodes_wb+0xf8/0x2d0
[ 1707.941769][T25219] wb_writeback+0x755/0xbe0
[ 1707.941810][T25219] wb_workfn+0x74d/0xc00
[ 1707.941849][T25219] process_one_work+0xa23/0x19a0
[ 1707.941891][T25219] worker_thread+0x5ef/0xe50
[ 1707.941929][T25219] kthread+0x370/0x450
[ 1707.941964][T25219] ret_from_fork+0x754/0xd80
[ 1707.942005][T25219] ret_from_fork_asm+0x1a/0x30
[ 1707.942037][T25219]
[ 1707.942045][T25219] The buggy address belongs to the object at ffff88802c863d00
[ 1707.942045][T25219] which belongs to the cache kmalloc-192 of size 192
[ 1707.942071][T25219] The buggy address is located 98 bytes to the right of
[ 1707.942071][T25219] allocated 136-byte region [ffff88802c863d00, ffff88802c863d88)
[ 1707.942102][T25219]
[ 1707.942110][T25219] The buggy address belongs to the physical page:
[ 1707.942125][T25219] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802c863e00 pfn:0x2c863
[ 1707.942154][T25219] flags: 0xfff00000000200(workingset|node=0|zone=1|lastcpupid=0x7ff)
[ 1707.942181][T25219] page_type: f5(slab)
[ 1707.942208][T25219] raw: 00fff00000000200 ffff88813fe3c3c0 ffff88813fe37288 ffffea0000b05810
[ 1707.942238][T25219] raw: ffff88802c863e00 000000080010000e 00000000f5000000 0000000000000000
[ 1707.942258][T25219] page dumped because: kasan: bad access detected
[ 1707.942274][T25219] page_owner tracks the page as allocated
[ 1707.942286][T25219] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 13522, tgid 13519 (syz.1.16559), ts 1145295906587, free_ts 1144591259513
[ 1707.942340][T25219] post_alloc_hook+0x153/0x170
[ 1707.942377][T25219] get_page_from_freelist+0x111d/0x3140
[ 1707.942420][T25219] __alloc_frozen_pages_noprof+0x27c/0x2ba0
[ 1707.942465][T25219] new_slab+0xa6/0x6b0
[ 1707.942498][T25219] refill_objects+0x26b/0x400
[ 1707.942537][T25219] __pcs_replace_empty_main+0x1ab/0x660
[ 1707.942580][T25219] __kmalloc_node_track_caller_noprof+0x694/0x850
[ 1707.942632][T25219] kmemdup_noprof+0x29/0x60
[ 1707.942671][T25219] neigh_parms_alloc+0x85/0x5e0
[ 1707.942769][T25219] inetdev_init+0x13c/0x570
[ 1707.942813][T25219] inetdev_event+0x7fa/0x17f0
[ 1707.942857][T25219] notifier_call_chain+0x99/0x420
[ 1707.942893][T25219] call_netdevice_notifiers_info+0xbe/0x110
[ 1707.942938][T25219] register_netdevice+0x16e6/0x2210
[ 1707.942976][T25219] __ip_tunnel_create+0x52b/0x670
[ 1707.943018][T25219] ip_tunnel_init_net+0x230/0x780
[ 1707.943062][T25219] page last free pid 13517 tgid 13517 stack trace:
[ 1707.943080][T25219] __free_frozen_pages+0x7e1/0x10d0
[ 1707.943115][T25219] memory_bm_free+0x139/0x340
[ 1707.943157][T25219] free_basic_memory_bitmaps+0x58/0xd0
[ 1707.943184][T25219] snapshot_release+0x197/0x1f0
[ 1707.943216][T25219] __fput+0x3ff/0xb40
[ 1707.943246][T25219] task_work_run+0x150/0x240
[ 1707.943287][T25219] exit_to_user_mode_loop+0x100/0x4a0
[ 1707.943323][T25219] do_syscall_64+0x668/0xf80
[ 1707.943362][T25219] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1707.943391][T25219]
[ 1707.943400][T25219] Memory state around the buggy address:
[ 1707.943416][T25219] ffff88802c863c80: 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc
[ 1707.943439][T25219] ffff88802c863d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1707.943460][T25219] >ffff88802c863d80: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1707.943477][T25219] ^
[ 1707.943494][T25219] ffff88802c863e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1707.943515][T25219] ffff88802c863e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 1707.943533][T25219] ==================================================================
[ 1707.962135][T25219] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1707.962169][T25219] CPU: 1 UID: 0 PID: 25219 Comm: syz.3.19625 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1707.962238][T25219] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1707.962261][T25219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1707.962281][T25219] Call Trace:
[ 1707.962293][T25219]
[ 1707.962306][T25219] dump_stack_lvl+0x100/0x190
[ 1707.962358][T25219] vpanic+0x552/0x970
[ 1707.962391][T25219] ? __pfx_vpanic+0x10/0x10
[ 1707.962426][T25219] ? fbcon_prepare_logo+0x94e/0xc60
[ 1707.962459][T25219] panic+0xd1/0xe0
[ 1707.962494][T25219] ? __pfx_panic+0x10/0x10
[ 1707.962526][T25219] ? fbcon_prepare_logo+0x94e/0xc60
[ 1707.962556][T25219] ? preempt_schedule_common+0x42/0xc0
[ 1707.962601][T25219] check_panic_on_warn.cold+0x19/0x34
[ 1707.962636][T25219] end_report.part.0+0x3a/0x90
[ 1707.962680][T25219] kasan_report.cold+0xe/0x18
[ 1707.962734][T25219] ? fbcon_prepare_logo+0x94e/0xc60
[ 1707.962773][T25219] kasan_check_range+0x10f/0x1e0
[ 1707.962812][T25219] __asan_memcpy+0x23/0x60
[ 1707.962854][T25219] fbcon_prepare_logo+0x94e/0xc60
[ 1707.962892][T25219] fbcon_init+0x10a0/0x1820
[ 1707.962927][T25219] visual_init+0x320/0x620
[ 1707.962962][T25219] do_bind_con_driver.isra.0+0x636/0x9c0
[ 1707.963006][T25219] store_bind+0x609/0x730
[ 1707.963050][T25219] ? __pfx_store_bind+0x10/0x10
[ 1707.963085][T25219] dev_attr_store+0x58/0x80
[ 1707.963118][T25219] ? __pfx_dev_attr_store+0x10/0x10
[ 1707.963151][T25219] sysfs_kf_write+0xf2/0x150
[ 1707.963190][T25219] kernfs_fop_write_iter+0x3e0/0x5f0
[ 1707.963221][T25219] ? __pfx_sysfs_kf_write+0x10/0x10
[ 1707.963261][T25219] vfs_write+0x6ac/0x1070
[ 1707.963289][T25219] ? __pfx_kernfs_fop_write_iter+0x10/0x10
[ 1707.963324][T25219] ? __pfx_vfs_write+0x10/0x10
[ 1707.963382][T25219] ksys_write+0x12a/0x250
[ 1707.963412][T25219] ? __pfx_ksys_write+0x10/0x10
[ 1707.963445][T25219] do_syscall_64+0x106/0xf80
[ 1707.963487][T25219] ? clear_bhb_loop+0x40/0x90
[ 1707.963524][T25219] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1707.963556][T25219] RIP: 0033:0x7fe5cf19c799
[ 1707.963582][T25219] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1707.963612][T25219] RSP: 002b:00007fe5d0051028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1707.963644][T25219] RAX: ffffffffffffffda RBX: 00007fe5cf415fa0 RCX: 00007fe5cf19c799
[ 1707.963667][T25219] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003
[ 1707.963688][T25219] RBP: 00007fe5cf232c99 R08: 0000000000000000 R09: 0000000000000000
[ 1707.963717][T25219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1707.963737][T25219] R13: 00007fe5cf416038 R14: 00007fe5cf415fa0 R15: 00007ffefc437498
[ 1707.963769][T25219]
[ 1707.964597][T25219] Kernel Offset: disabled